CVE-2019-11580

KEV
Published: Jun 03, 2019 Last Modified: Oct 24, 2025
CRITICAL 9.8
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH 7.5
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial

Description

Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.

EPSS (Exploit Prediction Scoring System)

Predicts the probability of exploitation based on threat intelligence and vulnerability characteristics.

EPSS Score: 0.9439
Percentile: 1.0th

Application

Crowd by Atlassian
cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification

Version Ranges Affected
From 3.1.0 (inclusive) to 3.1.6 (exclusive)
From 2.1.0 (inclusive) to 3.0.5 (exclusive)
From 3.4.0 (inclusive) to 3.4.4 (exclusive)
From 3.2.0 (inclusive) to 3.2.8 (exclusive)
From 3.3.0 (inclusive) to 3.3.5 (exclusive)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019…
http://packetstormsecurity.com/files/163810/Atlassian-Crowd-pdkinstall-Remote-C…
https://jira.atlassian.com/browse/CWD-5388
http://www.securityfocus.com/bid/108637