Lucene search
PRIOn knowledge basePRION:CVE-2022-43782HistoryNov 17, 2022 - 12:15 a.m.
Path traversal
2022-11-1700:15:00
PRIOn knowledge base
www.prio-n.com
9
atlassian crowd
path traversal
security misconfiguration
rest api
remote addresses
vulnerability
ip allowlist
Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd’s REST API under the {{usermanagement}} path. This vulnerability can only be exploited by IPs specified under the crowd application allowlist in the Remote Addresses configuration, which is {{none}} by default. The affected versions are all versions 3.x.x, versions 4.x.x before version 4.4.4, and versions 5.x.x before 5.0.3
References
Related
cvelist
cvelist
CVE-2022-43782
2022-11-17 00:00:01
nessus
nessus
Atlassian Crowd 3.x / 4.x < 4.4.4 / 5.x < 5.0.3 Security Bypass (CWD-5888)
2022-12-01 00:00:00
atlassian
atlassian
Crowd DC Critical Security Misconfiguration Vulnerability - CVE-2022-43782
2022-10-27 00:45:02
nvd
nvd
CVE-2022-43782
2022-11-17 00:15:18
cve
cve
CVE-2022-43782
2022-11-17 00:15:18
hivepro
hivepro
Atlassian Addresses Issues in Crowd and Bitbucket Products
2022-11-23 12:13:27
thn
thn