Atlassian Crowd - Remote Code Execution (CVE-2019-11580)
- Severity
- CVSSv3 Score: 9.8
- Exploitable with Sniper: Yes
- Vulnerability description
Atlassian Crowd is affected by a Remote Code Execution vulnerability. The root cause is the pdkinstall development plugin being incorrectly enabled in production builds. This allows a specially crafted request to install an arbitrary plugin via the Upload Plugin endpoint (POST /crowd/admin/uploadplugin.action). An attacker can install a plugin that contains a webshell file placed under the /crowd/plugins/servlet endpoint of Crowd, which can allow for Remote Code Execution.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Risk description
The risk exists that a remote unauthenticated attacker can fully compromise the server in order to steal confidential information, install ransomware, or pivot to the internal network.
- Recommendation
Upgrade Atlassian Crowd to the latest version; the fixed versions are listed in the vendor advisory referenced below.
- References
https://nvd.nist.gov/vuln/detail/cve-2019-11580
https://confluence.atlassian.com/crowd/crowd-security-advisory-2019-05-22-970260700.html
- Detectable with: Network Scanner
- Vuln date: Jun 2019
- Published at
- Updated at
- Software Type: Web framework
- Vendor: Atlassian
- Product: Crowd
- Codename: Not available