Filtered by vendor Atlassian Subscriptions
Filtered by product Crowd2 Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-1000423 1 Atlassian 1 Crowd2 2024-11-21 N/A
An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2.
CVE-2018-1000422 1 Atlassian 1 Crowd2 2024-11-21 N/A
An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings.