CVE-2017-18106

Published: Mar 29, 2019

Modified: Sep 16, 2024

PUBLISHED

Description

The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory, this allows remote attackers who can authenticate to Crowd or an application using Crowd for authentication to gain access to another user's session provided they can make their identifier hash collide with another user's session identifier hash.

Vendor	Product	Versions
Atlassian	Crowd	affected `unspecified - < 2.9.1`

References

https://jira.atlassian.com/browse/CWD-5061

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-18106

Description

Affected Products

References