Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the {{usermanagement}} path.
This vulnerability can only be exploited by IPs specified under the crowd application allowlist in the Remote Addresses configuration, which is {{none}} by default.
The affected versions are all versions 3.x.x, versions 4.x.x before version 4.4.4, and versions 5.x.x before 5.0.3
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://jira.atlassian.com/browse/CWD-5888 |
History
Wed, 02 Oct 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2022-11-17T00:00:01.315Z
Updated: 2024-10-02T15:05:47.174Z
Reserved: 2022-10-26T14:49:11.115Z
Link: CVE-2022-43782
Vulnrichment
Updated: 2024-08-03T13:40:06.314Z
NVD
Status : Modified
Published: 2022-11-17T00:15:18.640
Modified: 2024-11-21T07:27:14.780
Link: CVE-2022-43782
Redhat
No data.