Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via a security misconfiguration and subsequently call privileged endpoints in Crowd's REST API under the `usermanagement` path.
This vulnerability can only be exploited by IPs specified under the crowd application allowlist in the Remote Addresses configuration, which is `none` by default.
The affected versions are all versions 3.x.x, versions 4.x.x before version 4.4.4, and versions 5.x.x before 5.0.3.
References
| Link | Providers |
|---|---|
| https://jira.atlassian.com/browse/CWD-5888 | |
History
Wed, 02 Oct 2024 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | ssvc |
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2022-11-17T00:00:01.315Z
Updated: 2024-10-02T15:05:47.174Z
Reserved: 2022-10-26T14:49:11.115Z
Link: CVE-2022-43782
Vulnrichment
Updated: 2024-08-03T13:40:06.314Z
NVD
Status: Modified
Published: 2022-11-17T00:15:18.640
Modified: 2024-11-21T07:27:14.780
Link: CVE-2022-43782
Redhat
No data.