#VU18716 Exposed dangerous method or function in Crowd Server - CVE-2019-11580


Published: June 7, 2019 / Updated: August 12, 2021


Vulnerability identifier: #VU18716
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2019-11580
CWE-ID: CWE-749
Exploitation vector: Remote access
Exploit availability: The vulnerability is being exploited in the wild
Vulnerable software:
Crowd Server
Software vendor:
Atlassian

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists because the pdkinstall development plugin, which exposes an unauthenticated plugin-upload endpoint, was incorrectly left enabled in release builds of Crowd and Crowd Data Center. A remote attacker, without authentication, can use it to install an arbitrary plugin and thereby execute code on the server with the privileges of the Crowd process.

Successful exploitation of the vulnerability allows remote code execution and full control over the affected system.
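A practical triage helper for this issue has two parts: decide from the running Crowd version whether the instance is in an affected range, and look through the web access log for POST requests to the pdkinstall upload endpoint. The script below is an added example and is not code from this advisory or from Atlassian. It assumes the affected and fixed version ranges published in Atlassian's advisory for CVE-2019-11580 (2.1.0 before 3.0.5, 3.1.0 before 3.1.6, 3.2.0 before 3.2.8, 3.3.0 before 3.3.5, 3.4.0 before 3.4.4), that the request path `/admin/uploadplugin.action` is the pdkinstall upload endpoint as reported in public write-ups, and that the access log uses a Tomcat-style combined format; the sample log lines are constructed for the example.

```python
"""Triage helper for CVE-2019-11580 (Crowd pdkinstall plugin exposed).

Added example, not part of the advisory or of Atlassian's code.
Assumptions: version ranges are those given in Atlassian's advisory;
the upload path is the pdkinstall endpoint reported in public write-ups;
log lines are constructed and follow a Tomcat-style combined format.
"""
import re

# (first affected, first fixed) per release line, from Atlassian's advisory.
AFFECTED_RANGES = [
    ((2, 1, 0), (3, 0, 5)),
    ((3, 1, 0), (3, 1, 6)),
    ((3, 2, 0), (3, 2, 8)),
    ((3, 3, 0), (3, 3, 5)),
    ((3, 4, 0), (3, 4, 4)),
]

# Assumption: upload endpoint of the pdkinstall plugin (public write-ups).
UPLOAD_PATH = "/admin/uploadplugin.action"

# Tomcat-style combined access log: ip ident user [ts] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_version(text):
    """'3.4.3' -> (3, 4, 3); missing components are treated as 0."""
    m = re.match(r"(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError("not a version string: %r" % text)
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_vulnerable(version_text):
    """True if the version falls in an affected range (fixed versions are excluded).

    Versions below 2.1.0 are not listed as affected in the advisory and
    therefore return False here; treat unsupported releases with care.
    """
    v = parse_version(version_text)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def find_plugin_uploads(lines):
    """Return POST requests to the pdkinstall upload endpoint found in log lines.

    Any hit is an install attempt. The HTTP status alone does not prove
    success or failure; confirm by reviewing the installed plugin list and
    the plugin directory on the server.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not access-log records
        path = m.group("path").split("?", 1)[0]  # drop any query string
        if m.group("method") == "POST" and path.endswith(UPLOAD_PATH):
            hits.append({
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "path": path,
                "status": int(m.group("status")),
            })
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [07/Jun/2019:10:01:12 +0000] "GET /crowd/console/login.action HTTP/1.1" 200 4231',
    '203.0.113.7 - - [07/Jun/2019:10:02:03 +0000] "POST /crowd/admin/uploadplugin.action HTTP/1.1" 400 152',
    '203.0.113.7 - - [07/Jun/2019:10:02:09 +0000] "POST /crowd/admin/uploadplugin.action?x=1 HTTP/1.1" 200 88',
    '10.0.0.5 - - [07/Jun/2019:10:03:44 +0000] "GET /crowd/admin/uploadplugin.action HTTP/1.1" 405 0',
]

if __name__ == "__main__":
    for ver in ("3.4.3", "3.4.4", "3.0.4", "2.0.9"):
        print(ver, "vulnerable" if is_vulnerable(ver) else "not in affected range")
    for hit in find_plugin_uploads(SAMPLE_LOG):
        print("plugin upload attempt:", hit)
```

Run the version check against the version shown in the Crowd admin console and the log scan against the Tomcat access logs of the Crowd instance; in normal operation the pdkinstall endpoint should see no POST traffic at all, so every hit deserves investigation regardless of status code.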


Remediation

Install updates from the vendor's website. Atlassian fixed the issue in Crowd and Crowd Data Center 3.0.5, 3.1.6, 3.2.8, 3.3.5 and 3.4.4; earlier releases in each of those lines are affected. Until the update is applied, restrict network access to the Crowd instance to trusted sources, and on any instance that was exposed, review the installed plugins for entries that were not deployed by an administrator.

External links