Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-43782

Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the {{usermanagement}} path. This vulnerability can only be exploited by IPs specified under the crowd application allowlist in the Remote Addresses configuration, which is {{none}} by default. The affected versions are all versions 3.x.x, versions 4.x.x before version 4.4.4, and versions 5.x.x before 5.0.3

Published

2022-11-17T00:15:18.640

Last Modified

2024-11-21T07:27:14.780

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	atlassian	crowd	< 4.4.4	Yes
Application	atlassian	crowd	< 5.0.3	Yes

References

https://jira.atlassian.com/browse/CWD-5888 Issue Tracking, Patch, Vendor Advisory ([email protected])
https://jira.atlassian.com/browse/CWD-5888 Issue Tracking, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)