CVE-2017-18109

6.1MEDIUM

Key Information:

Vendor: Atlassian
Status: Crowd
Vendor: CVE Published:; 29 March 2019

Summary

The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.

Affected Version(s)

Crowd < 3.0.2

Crowd 3.1.0

Crowd < 3.1.1

References

https://jira.atlassian.com/browse/CWD-5071

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 29, 2019
Vulnerability Reserved
Feb 1, 2018