PT-2023-18555 · Atlassian · Crowd Data Center/Server

M1Sn0W · Published 2023-11-21 · Updated 2023-11-29 · CVE-2023-22521

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Crowd Data Center and Server version 3.4.6
Crowd Data Center and Server versions prior to 5.1.6
Crowd Data Center and Server versions prior to 5.2.1

Description

This issue allows an authenticated attacker to execute arbitrary code, which has a high impact on confidentiality, integrity, and availability, and requires no user interaction. The vulnerability was discovered by m1sn0w and reported via the Bug Bounty program.

Recommendations

For Crowd Data Center and Server 3.4, upgrade to a release greater than or equal to 5.1.6.
For Crowd Data Center and Server 5.2, upgrade to a release greater than or equal to 5.2.1.
If you are unable to upgrade to the latest version, consider upgrading your instance to one of the specified supported fixed versions.

Fix

Related identifiers

CVE-2023-22521

Affected products

Crowd Data Center/Server