Exploit for #VU18716 Exposed dangerous method or function in Crowd

Exploit for #VU18716 Exposed dangerous method or function in Crowd

Published: 2021-01-18 | Updated: 2021-08-12

Vulnerability identifier: #VU18716

Vulnerability risk: High

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2019-11580

CWE-ID: CWE-749

Exploitation vector: Network

Exploits in database: 2

August 12, 2021
- Atlassian Crowd pdkinstall Unauthenticated Plugin Upload RCE [Metasploit]
January 18, 2021
- EXPLOIT_CVE_2019_11580 () [Github]

Impact: Code execution

Vulnerable software:
Crowd
Server applications / Directory software, identity management

Vendor: Atlassian