Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2019-02-13T18:00:00Z
Updated: 2024-09-16T20:41:48.136Z
Reserved: 2018-12-19T00:00:00
Link: CVE-2018-20238
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-02-13T18:29:00.697
Modified: 2019-02-26T15:42:57.773
Link: CVE-2018-20238
Redhat
No data.