Threat Encyclopedia



This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Atlassian Crowd and Crowd Data Center.
The vulnerability is due to the pdkinstall development plugin incorrectly enabled in release builds. A remote attacker may be able to exploit this to install arbitrary plugins and execute arbitrary code within the context of the application, via a crafted HTTP POST request.

affected-products-logoAffected Products

All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.

CVE References