CVE-2019-20104 is a vulnerability in Atlassian Crowd
Published on February 6, 2020
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability.
Products Associated with CVE-2019-20104
Affected Versions
Atlassian Crowd:
- Versions before 3.6.2 are affected.
- Versions from 3.7.0 and before 3.7.1 are affected.
Exploit Probability
EPSS: 2.43%
Percentile: 84.92%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.