CVE-2017-18105 is a vulnerability in Atlassian Crowd
Published on March 29, 2019

The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation vulnerability.

NVD

Products Associated with CVE-2017-18105

Want to know whenever a new CVE is published for Atlassian Crowd? stack.watch will email you.

Atlassian Crowd

Affected Versions

Atlassian Crowd:

Version unspecified and below 3.0.2 is affected.
Version 3.1.0 and below unspecified is affected.
Version unspecified and below 3.1.1 is affected.

Exploit Probability

EPSS

0.51%

Percentile

65.95%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2017-18105 is a vulnerability in Atlassian CrowdPublished on March 29, 2019

Products Associated with CVE-2017-18105

Affected Versions

Exploit Probability

CVE-2017-18105 is a vulnerability in Atlassian Crowd
Published on March 29, 2019