CVE-2018-20238 is a vulnerability in Atlassian Crowd
Published on February 13, 2019

Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability.

NVD

Products Associated with CVE-2018-20238

Want to know whenever a new CVE is published for Atlassian Crowd? stack.watch will email you.

Atlassian Crowd

Affected Versions

Atlassian Crowd:

Version unspecified and below 3.2.7 is affected.
Version 3.3.0 and below unspecified is affected.
Version unspecified and below 3.3.4 is affected.

Exploit Probability

EPSS

0.21%

Percentile

42.43%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-20238 is a vulnerability in Atlassian CrowdPublished on February 13, 2019

Products Associated with CVE-2018-20238

Affected Versions

Exploit Probability

CVE-2018-20238 is a vulnerability in Atlassian Crowd
Published on February 13, 2019