This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Atlassian Crowd and Crowd Data Center.
The vulnerability is due to the pdkinstall development plugin incorrectly enabled in release builds. A remote attacker may be able to exploit this to install arbitrary plugins and execute arbitrary code within the context of the application, via a crafted HTTP POST request.

affected-products-logoAffected Products

All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.

Telemetry logoTelemetry


IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2024-01-24 26.721 Sig Added
2019-11-26 15.731 Default_action:pass:drop
2019-09-20 14.692 Sig Added
2019-08-22 14.675