
atlassian crowd

26 known vulnerabilities across versions. Vulnerabilities are listed by affected version range; each entry gives the CVE identifier, the affected version range, a summary, and the score and severity rating where one is listed.
CVE-2026-21569 (affected: >= 7.1.0 and < 7.1.3) - 7.9 HIGH
This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 7.1.0 of Crowd Data Center and Serv

CVE-2023-22521 (affected: >= 3.4.0 and < 5.1.6) - 8.8 HIGH
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server. T

CVE-2022-43782 (affected: >= 3.0.0 and < 4.4.4) - 9.8 CRITICAL
Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and

CVE-2022-26137 (affected: < 4.3.8) - 8.8 HIGH
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be

CVE-2022-26136 (affected: < 4.3.8) - 9.8 CRITICAL
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first a

CVE-2020-36240 (affected: < 4.0.4) - 5.3 MEDIUM
The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated r

CVE-2019-20902 (affected: < 3.4.6) - 7.5 HIGH
Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version

CVE-2019-20104 (affected: < 3.2.11) - 7.5 HIGH
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers

CVE-2017-18107 (affected: < 3.1.1) - 6.5 MEDIUM
Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modi

CVE-2019-15005 (affected: < 3.6.0) - 4.3 MEDIUM
The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic lo

CVE-2019-11580 (affected: >= 2.1.0 and < 3.0.5) - 9.8 CRITICAL
Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who c

CVE-2018-20239 (affected: < 3.4.3) - 5.4 MEDIUM
Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 bef

CVE-2017-18110 (affected: < 3.0.2) - 6.5 MEDIUM
The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 all

CVE-2017-18109 (affected: < 3.0.2) - 6.1 MEDIUM
The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote at

CVE-2017-18108 (affected: < 2.10.2) - 7.2 HIGH
The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administratio

CVE-2017-18106 (affected: < 2.9.1) - 7.5 HIGH
The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash

CVE-2017-18105 (affected: < 3.0.2) - 8.1 HIGH
The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attac

CVE-2018-20238 (affected: < 3.2.7) - 8.1 HIGH
Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers

CVE-2016-10740 (affected: < 2.10.1) - 4.9 MEDIUM
Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the password

CVE-2018-1000423 (affected: <= 2.0.0) - 7.8 HIGH
An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecur

CVE-2018-1000422 (affected: <= 2.0.0) - 6.5 MEDIUM
An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java

CVE-2017-16858 (affected: >= 1.5.0 and < 3.1.2) - 6.8 MEDIUM
The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before versio

CVE-2016-6496 (affected: <= 2.8.4) - 9.8 CRITICAL
The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary c

CVE-2013-3926 (affected: all versions) - no score listed
Atlassian Crowd 2.6.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to a "symmetric backdo

CVE-2013-3925 (affected: all versions) - no score listed
Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send

CVE-2012-2926 (affected: < 2.0.9) - 9.1 CRITICAL
Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8,
Source: threatengine.sh, open-source threat intelligence platform.