Researcher releases PoC code for critical Atlassian Crowd RCE flaw - Help Net Security

A researcher has released proof-of-concept code for a critical code execution vulnerability (CVE-2019-11580) in Atlassian Crowd, a centralized identity management solution providing single sign-on and user identity.



Atlassian plugged the hole in late May, but administrators who have not yet applied the fix should consider doing so now, as full-fledged exploits are likely to pop up soon.


About the vulnerability (CVE-2019-11580)


Atlassian Crowd allows enterprise admins to manage users from Active Directory, LDAP, OpenLDAP or Microsoft Azure AD and control application authentication permissions in a single location. Users are given one set of login credentials to log in to all the applications they need to access and use.


The flaw arose due to a development ..
