Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: atlassian

Published: 2019-02-13T18:00:00Z

Updated: 2024-09-16T20:41:48.136Z

Reserved: 2018-12-19T00:00:00

Link: CVE-2018-20238

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2019-02-13T18:29:00.697

Modified: 2019-02-26T15:42:57.773

Link: CVE-2018-20238

cve-icon Redhat

No data.