h2. Summary of Vulnerability
This critical severity DoS (Denial of Service) vulnerability known as CVE-2022-29885 was introduced in version 4.0.0 of Crowd Data Center and Crowd Server.
h2. Affected Versions
||Product||Affected Versions||
|Crowd Data Center
Crowd Server|- 4.0.0
h2. Fixed Versions
||Product||Fixed Versions||
|Crowd Data Center
Crowd Server|- 6.0.2 or later|
h2. What You Need to Do
Atlassian recommends that you upgrade your instance to one of the versions listed in the โFixed Versionsโ table section of this ticket. For full descriptions of the above versions of Crowd Data Center and Crowd Server, see the [release notes|https://confluence.atlassian.com/crowd/crowd-release-notes-199094.html]. You can download the latest version of Bitbucket from the [download center|https://www.atlassian.com/software/crowd/download-archive].
h2. Mitigation:
There are no known workarounds. To remediate this vulnerability, update each affected product installation to a fixed version.
For additional details, please see full advisory here: https://confluence.atlassian.com/pages/viewpage.action?pageId=1252327929
h2. Acknowledgments
This vulnerability was discovered by Internal Scanner and reported via our Atlassian (Internal) program.