admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 10:41:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2022/CVE-2022-43782.md

19 lines
1.1 KiB
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2022-43782](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43782)
![](https://img.shields.io/static/v1?label=Product&message=Crowd%20Data%20Center&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Crowd%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=!%20before%203.0.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Security%20Misconfiguration&color=brighgreen)
### Description
Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the {{usermanagement}} path. This vulnerability can only be exploited by IPs specified under the crowd application allowlist in the Remote Addresses configuration, which is {{none}} by default. The affected versions are all versions 3.x.x, versions 4.x.x before version 4.4.4, and versions 5.x.x before 5.0.3
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/karimhabush/cyberowl
Reference in New Issue Copy Permalink