CVE-2017-18109

Name of the Vulnerable Software and Affected Versions Atlassian Crowd versions prior to 3.0.2 Atlassian Crowd versions 3.1.0 through 3.1.0

Description The issue allows remote attackers to redirect users to a different website, potentially as part of a phishing attack, via an open redirect in the login resource of CrowdId.

Recommendations For versions prior to 3.0.2, update to version 3.0.2 or later. For versions 3.1.0, update to version 3.1.1 or later.