Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Atlassian Subscribe
Filtered by product Crowd2
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-1000423 1 Atlassian 1 Crowd2 2020-08-24 2.1 LOW 7.8 HIGH
An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2.
CVE-2018-1000422 1 Atlassian 1 Crowd2 2019-01-30 4.0 MEDIUM 6.5 MEDIUM
An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings.