- Description
- Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability.
- Source
- security@atlassian.com
- NVD status
- Analyzed
CVSS 3.0
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5.5
- Impact score
- 4.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:N
- nvd@nist.gov
- CWE-384
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0D9C82D9-D6A5-4150-B73D-A1A4A3CA7DA0",
"versionEndExcluding": "3.2.7"
},
{
"criteria": "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8BDE6573-6D18-44BC-B0A1-40741FB82896",
"versionEndExcluding": "3.3.4",
"versionStartIncluding": "3.3.0"
}
],
"operator": "OR"
}
]
}
]