CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1000423

An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.7%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 2.1

References

Products affected by CVE-2018-1000423

Atlassian » Crowd2 » Version: N/A

cpe:2.3:a:atlassian:crowd2:-
Atlassian » Crowd2 » Version: 1.0

cpe:2.3:a:atlassian:crowd2:1.0
Atlassian » Crowd2 » Version: 1.1

cpe:2.3:a:atlassian:crowd2:1.1
Atlassian » Crowd2 » Version: 1.2

cpe:2.3:a:atlassian:crowd2:1.2
Atlassian » Crowd2 » Version: 1.3

cpe:2.3:a:atlassian:crowd2:1.3
Atlassian » Crowd2 » Version: 1.4

cpe:2.3:a:atlassian:crowd2:1.4
Atlassian » Crowd2 » Version: 1.5

cpe:2.3:a:atlassian:crowd2:1.5
Atlassian » Crowd2 » Version: 1.6

cpe:2.3:a:atlassian:crowd2:1.6
Atlassian » Crowd2 » Version: 1.7

cpe:2.3:a:atlassian:crowd2:1.7
Atlassian » Crowd2 » Version: 1.8

cpe:2.3:a:atlassian:crowd2:1.8
Atlassian » Crowd2 » Version: 2.0.0

cpe:2.3:a:atlassian:crowd2:2.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1000423

Products

Pricing

Contact Us