CVE-2019-11580
Date: 2019
Type: RCE
Affected versions: Atlassian Crowd 3.4.3, 3.4, 3.3.4, 3.3.3, 3.3.1, 3.3, 3.2.1 - 3.2.7, 3.2, 3.1.5, 3.1, 3.0.4, 2.11.1, 2.11, 2.10.3, 2.10.1, 2.9.7, 2.9.1 - 2.9.5, 2.9, 2.8.8, 2.8.3, 2.7, 2.6.0 - 2.6.3, 2.5.3 - 2.5.4, 2.5.0 - 2.5.2, 2.4.9, 2.4.1, 2.4, 2.3.6 - 2.3.8, 2.3.1 - 2.3.4, 2.2.9, 2.2.7, 2.2.4, 2.2.2, 2.1.1 - 2.1.2, 2.1
Preconditions
/crowd/admin/uploadplugin.action ---> returns 400
CVE-2018-20238
Date: 2018
Type: Authentication bypass
Affected versions: Atlassian Crowd versions before 3.2.7, and versions from 3.3.0 up to (but not including) 3.3.4
CVE-2017-18107
Date: 2017
Vulnerability type: XSS - High severity
Affected versions: < Atlassian Crowd 3.1.1
CVE-2017-18110
Date: 2017
Type: XXE
Affected versions: Atlassian Crowd versions before 3.0.2, and version 3.1.0
CVE-2017-18108
Date: 2017
Vulnerability type: Code injection
Affected versions: Atlassian Crowd versions before 2.10.2
CVE-2017-18106
Date: 2017
Type: Session hijacking
Affected versions: < Atlassian Crowd 2.9.1
CVE-2017-18105
Date: 2017
Type: Session fixation
Affected versions: Atlassian Crowd versions before 3.0.2, and version 3.1.0
CVE-2017-18109
Date: 2017
Type: Input validation error vulnerability
Affected versions: Atlassian Crowd versions before 3.0.2, and version 3.1.0
CVE-2017-16858
Date: 2017
Type: User impersonation vulnerability in the crowd-application plugin module
Affected versions: Atlassian Crowd 1.5.0 up to 3.1.2 (not including 3.1.2)
CVE-2016-10740
Date: 2016
Type: Remote directory password vulnerability
Affected versions: Atlassian Crowd versions before 2.10.1
CVE-2016-6496
Date: 2016
Type: LDAP injection leading to RCE
Affected versions: Atlassian Crowd 2.6.3, 2.3.8, 2.3.9, 1.5.3, 1.5.2, 1.5.1, 1.4.8, 1.4.7, 1.4.4, 1.4.3, 1.4.2, 1.4, 2.9.4, 2.9.3, 2.9.2, 2.9.1, 2.9, 2.6.2, 2.5.4, 2.5.3, 2.4.9, 2.7, 2.6.1, 2.6.0, 2.5.2, 2.5.1, 2.5.0, 2.4.2, 2.4.1, 2.3.7, 2.3.6, 2.3.4, 2.3.3, 2.3.2, 2.3.1, 2.2.9, 2.2.7, 2.2.4, 2.2.2, 2.1.2, 2.1.1, 2.0.9, 2.0.7, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.1, 1.6.3, 1.6.1, 1.6
CVE-2013-3926
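Date: 2013
Type: Atlassian Crowd contains a backdoor that allows anyone to remotely control the Crowd server and damage system applications and data
Affected versions: < Atlassian Crowd 2.6.3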
CVE-2013-3925
Date: 2013
Type: XML external entity reference arbitrary file read vulnerability
Affected versions: Atlassian Crowd 2.5.x, 2.6.x, 2.3.8, 2.3.9