We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2022-43782



Description

Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the {{usermanagement}} path. This vulnerability can only be exploited by IPs specified under the crowd application allowlist in the Remote Addresses configuration, which is {{none}} by default. The affected versions are all versions 3.x.x, versions 4.x.x before version 4.4.4, and versions 5.x.x before 5.0.3

Reserved 2022-10-26 | Published 2022-11-17 | Updated 2024-10-02 | Assigner atlassian

Problem types

Security Misconfiguration

Product status

before 3.0.0
unaffected

before 4.4.4
affected

before 5.0.3
affected

before 3.0.0
unaffected

before 4.4.4
affected

before 5.0.3
affected

Credits

Ashish Kotha

References

jira.atlassian.com/browse/CWD-5888

cve.org (CVE-2022-43782)

nvd.nist.gov (CVE-2022-43782)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2022-43782

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.