Intrusion Prevention

Atlassian.Crowd.Pdkinstall.Plugin.Remote.Code.Execution

Description

This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Atlassian Crowd and Crowd Data Center.
The vulnerability is due to the pdkinstall development plugin incorrectly enabled in release builds. A remote attacker may be able to exploit this to install arbitrary plugins and execute arbitrary code within the context of the application, via a crafted HTTP POST request.

Affected Products

All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://jira.atlassian.com/browse/CWD-5388

CVE References

CVE-2019-11580