SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  Atlassian Crowd Remote Code Execution Postinfection

Category: WEB-ATTACKS      

Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center.


Relevant Information