Open Redirect Vulnerability in Atlassian Crowd Login Resource
CVE-2017-18109
6.1 MEDIUM
What is CVE-2017-18109?
The login mechanism in Atlassian Crowd versions prior to 3.0.2 and in the range from 3.1.0 to 3.1.1 is susceptible to an open redirect flaw. This vulnerability allows remote attackers to redirect users to malicious external sites, potentially setting the stage for phishing schemes. By exploiting it, attackers can mislead users into submitting sensitive information on fraudulent platforms, thereby compromising account security.
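The general mitigation for this class of flaw is to validate the post-login redirect target on the server before issuing the redirect. The following is an added example, not Atlassian's fix or code from Crowd; the host name, default path and function name are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumed values for illustration only; not taken from Crowd.
TRUSTED_HOSTS = {"crowd.example.internal"}
DEFAULT_TARGET = "/console/"


def safe_redirect_target(target, trusted_hosts=TRUSTED_HOSTS, default=DEFAULT_TARGET):
    """Return target if it stays on a trusted origin, otherwise the default."""
    if not target or target != target.strip():
        return default
    # Browsers drop tabs/newlines and treat "\" like "/", which can turn a
    # harmless-looking path into "//other-host". Reject rather than normalise.
    if any(ch == "\\" or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return default
    try:
        parts = urlsplit(target)
    except ValueError:
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a single-slash absolute path.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return default
    if parts.scheme not in ("http", "https"):
        # Covers javascript:, data: and scheme-relative "//host" (empty scheme).
        return default
    # .hostname excludes userinfo and port, so "trusted@other-host" is judged
    # by the host the browser would actually contact.
    if parts.hostname and parts.hostname.lower() in trusted_hosts:
        return target
    return default
```

Falling back to a fixed default instead of returning an error keeps the login flow working when a link carries a rejected target.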
Affected Version(s)
Crowd < 3.0.2
Crowd 3.1.0
Crowd < 3.1.1