应用安全

CVE-2019-11580

Date
2019

类型
RCE

影响范围
Atlassian Crowd 3.4.3
Atlassian Crowd 3.4
Atlassian Crowd 3.3.4
Atlassian Crowd 3.3.3
Atlassian Crowd 3.3.1
Atlassian Crowd 3.3
Atlassian Crowd 3.2.1 - 3.2.7
Atlassian Crowd 3.2
Atlassian Crowd 3.1.5
Atlassian Crowd 3.1
Atlassian Crowd 3.0.4
Atlassian Crowd 2.11.1
Atlassian Crowd 2.11
Atlassian Crowd 2.10.3
Atlassian Crowd 2.10.1
Atlassian Crowd 2.9.7
Atlassian Crowd 2.9.1 - 2.9.5
Atlassian Crowd 2.9
Atlassian Crowd 2.8.8
Atlassian Crowd 2.8.3
Atlassian Crowd 2.7
Atlassian Crowd 2.6.0 - 2.6.3
Atlassian Crowd 2.5.3 - 2.5.4
Atlassian Crowd 2.5.0 - 2.5.2
Atlassian Crowd 2.4.9
Atlassian Crowd 2.4.1
Atlassian Crowd 2.4
Atlassian Crowd 2.3.6 - 2.3.8
Atlassian Crowd 2.3.1 - 2.3.4
Atlassian Crowd 2.2.9
Atlassian Crowd 2.2.7
Atlassian Crowd 2.2.4
Atlassian Crowd 2.2.2
Atlassian Crowd 2.1.1 - 2.1.2
Atlassian Crowd 2.1

前置条件
/crowd/admin/uploadplugin.action  ---》返回400

CVE-2018-20238

Date
2018

类型
身份验证绕过

影响范围
Atlassian Crowd 3.2.7之前版本和3.3.0版本至3.3.4之前版本中存在安全漏洞

CVE-2017-18107

Date
2017

漏洞类型
XSS - 高危

影响范围
< Atlassian Crowd 3.1.1

CVE-2017-18110

Date
2017

类型
XXE

影响范围
Atlassian Crowd 3.0.2之前版本和3.1.0版本中存在安全漏洞

CVE-2017-18108

Date
2017

漏洞类型
代码注入

影响范围
<Atlassian Crowd 2.10.2之前版本

CVE-2017-18106

Date
2017

类型
会话劫持

影响范围
<Atlassian Crowd 2.9.1

CVE-2017-18105

Date
2017

类型
会话固定

影响范围
Atlassian Crowd 3.0.2之前版本和3.1.0版本中存在安全漏洞

CVE-2017-18109

Date
2017

类型
输入验证错误漏洞

影响范围
Atlassian Crowd 3.0.2之前版本和3.1.0版本中

CVE-2017-16858

Date
2017

类型
crowd-application插件模块用户伪造漏洞

影响范围
Atlassian Crowd 1.5.0版本至3.1.2版本（不包括3.1.2版本）

CVE-2016-10740

Date
2016

类型
远程目录密码漏洞

影响范围
Atlassian Crowd 2.10.1之前版本中存在安全漏洞

CVE-2016-6496

Date
2016

类型
LADP注入导致RCE

影响范围
Atlassian Crowd 2.6.3
Atlassian Crowd 2.3.8
Atlassian Crowd 2.3.9
Atlassian Crowd 1.5.3
Atlassian Crowd 1.5.2
Atlassian Crowd 1.5.1
Atlassian Crowd 1.4.8
Atlassian Crowd 1.4.7
Atlassian Crowd 1.4.4
Atlassian Crowd 1.4.3
Atlassian Crowd 1.4.2
Atlassian Crowd 1.4
Atlassian Crowd 2.9.4
Atlassian Crowd 2.9.3
Atlassian Crowd 2.9.2
Atlassian Crowd 2.9.1
Atlassian Crowd 2.9
Atlassian Crowd 2.6.2
Atlassian Crowd 2.5.4
Atlassian Crowd 2.5.3
Atlassian Crowd 2.4.9
Atlassian Crowd 2.7
Atlassian Crowd 2.6.1
Atlassian Crowd 2.6.0
Atlassian Crowd 2.5.2
Atlassian Crowd 2.5.1
Atlassian Crowd 2.5.0
Atlassian Crowd 2.4.2
Atlassian Crowd 2.4.1
Atlassian Crowd 2.3.7
Atlassian Crowd 2.3.6
Atlassian Crowd 2.3.4
Atlassian Crowd 2.3.3
Atlassian Crowd 2.3.2
Atlassian Crowd 2.3.1
Atlassian Crowd 2.2.9
Atlassian Crowd 2.2.7
Atlassian Crowd 2.2.4
Atlassian Crowd 2.2.2
Atlassian Crowd 2.1.2
Atlassian Crowd 2.1.1
Atlassian Crowd 2.0.9
Atlassian Crowd 2.0.7
Atlassian Crowd 2.0.6
Atlassian Crowd 2.0.5
Atlassian Crowd 2.0.4
Atlassian Crowd 2.0.3
Atlassian Crowd 2.0.2
Atlassian Crowd 2.0.1
Atlassian Crowd 1.6.3
Atlassian Crowd 1.6.1
Atlassian Crowd 1.6

CVE-2013-3926

Date
2013

类型
Atlassian Crowd软件存在后门，允许任何人远程控制Crowd服务器，并损坏系统应用和数据

影响范围
<Atlassian Crowd 2.6.3

CVE-2013-3925

Date
2013

类型
XML外部实体引用任意文件读取漏洞

影响范围
Atlassian Crowd 2.5.x
Atlassian Crowd 2.6.x
Atlassian Crowd 2.3.8
Atlassian Crowd 2.3.9