Authentication Bypass in Atlassian Crowd 'crowd-application' Plugin
CVE-2017-16858

6.8MEDIUM

Key Information:

Vendor: Atlassian
Status: Crowd
Vendor: CVE Published:; 31 January 2018

Summary

The 'crowd-application' plugin in Atlassian Crowd enables attackers to impersonate legitimate users due to a flaw in REST API authentication. This vulnerability arises when an attacker accesses the REST interface of a directory linked to an application, using credentials of a user from a different directory. For instance, if directory 1 has a user 'admin' while directory 2 also has an 'admin' user, it allows the attacker to authenticate as the admin user of directory 1 by exploiting the authentication capabilities of directory 2. This can lead to unauthorized access, data leakage, and potential control over sensitive operations within the application.

Affected Version(s)

Crowd from 1.5.0 before 3.1.2

References

https://jira.atlassian.com/browse/CWD-5009

x_refsource_CONFIRM

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 31, 2018
Vulnerability Reserved
Nov 16, 2017