Remote Code Execution Flaw in Atlassian Crowd Administration SMTP Configuration
CVE-2017-18108

7.2HIGH

Key Information:

Vendor: Atlassian
Status: Crowd
Vendor: CVE Published:; 29 March 2019

What is CVE-2017-18108?

The Atlassian Crowd administration SMTP configuration is susceptible to a remote code execution vulnerability. This issue affects versions prior to 2.10.2, where an attacker with administrative rights can exploit JNDI injection vulnerabilities to execute arbitrary code. This security flaw emphasizes the crucial need for updating to the latest version and securing administration access to mitigate potential threats.

Affected Version(s)

Crowd < 2.10.2

References

https://jira.atlassian.com/browse/CWD-5062

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 29, 2019
Vulnerability Reserved
Feb 1, 2018