CVE-2016-10740
MEDIUM
Atlassian Crowd < 2.10.1 - Authenticated LDAP Password Exposure via Admin Resource Access
Title source: llm
Description
Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories by examining the responses to requests for these resources.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://jira.atlassian.com/browse/CWD-5060
Scores
CVSS v3
4.9
EPSS
0.0019
EPSS Percentile
40.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
atlassian/crowd
< 2.10.1
Published
Jan 29, 2019
Tracked Since
Feb 18, 2026