CVE-2018-20238

Summary

Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability.

Affected Software

VendorProductVersion RangeStatus
AtlassianCrowdunspecified < 3.2.7affected
AtlassianCrowd3.3.0 < unspecifiedaffected
AtlassianCrowdunspecified < 3.3.4affected

Weaknesses

  • Insufficient Session Expiration

ADP Enrichment

CVE Program Container

Additional References

References