Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the {{usermanagement}} path. This vulnerability can only be exploited by IPs specified under the crowd application allowlist in the Remote Addresses configuration, which is {{none}} by default. The affected versions are all versions 3.x.x, versions 4.x.x before version 4.4.4, and versions 5.x.x before 5.0.3
References
History

Wed, 02 Oct 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: atlassian

Published: 2022-11-17T00:00:01.315Z

Updated: 2024-10-02T15:05:47.174Z

Reserved: 2022-10-26T14:49:11.115Z

Link: CVE-2022-43782

cve-icon Vulnrichment

Updated: 2024-08-03T13:40:06.314Z

cve-icon NVD

Status : Modified

Published: 2022-11-17T00:15:18.640

Modified: 2024-11-21T07:27:14.780

Link: CVE-2022-43782

cve-icon Redhat

No data.