CVE-2019-20902

Summary

Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and from 3.5.0 before 3.5.1.

Affected Software

VendorProductVersion RangeStatus
AtlassianCrowdunspecified < 3.4.6affected
AtlassianCrowd3.5.0 < unspecifiedaffected
AtlassianCrowdunspecified < 3.5.1affected

Weaknesses

  • Broken Access Control

ADP Enrichment

CVE Program Container

Additional References

References