PT-2023-18555 · Atlassian · Crowd Data Center/Server

M1Sn0W

Published

2023-11-21

Updated

2023-11-29

CVE-2023-22521

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Crowd Data Center and Server version 3.4.6 Crowd Data Center and Server versions prior to 5.1.6 Crowd Data Center and Server versions prior to 5.2.1

Description This issue allows an authenticated attacker to execute arbitrary code, which has a high impact on confidentiality, integrity, and availability, and requires no user interaction. The vulnerability was discovered by m1sn0w and reported via the Bug Bounty program.

Recommendations For Crowd Data Center and Server 3.4, upgrade to a release greater than or equal to 5.1.6. For Crowd Data Center and Server 5.2, upgrade to a release greater than or equal to 5.2.1. If you are unable to upgrade to the latest version, consider upgrading your instance to one of the specified supported fixed versions.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2023-22521

Affected Products

Crowd Data Center/Server

PT-2023-18555 · Atlassian · Crowd Data Center/Server

CVE-2023-22521

Related Identifiers

Affected Products

References · 6