CVE-2019-11580

CRITICAL KEV RANSOMWARE NUCLEI

Atlassian Crowd <3.0.5 - RCE

Title source: llm

Description

Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.

Exploits (4)

nomisec WORKING POC 106 stars
by jas502n · remote
https://github.com/jas502n/CVE-2019-11580
nomisec WORKING POC 6 stars
by shelld3v · remote
https://github.com/shelld3v/CVE-2019-11580
gitlab WORKING POC
by zeroauth · remote-auth
https://gitlab.com/zeroauth/cve-2019-11580_poc_exploit
metasploit WORKING POC EXCELLENT
by Paul, Corben Leo, Grant Willcox · ruby · poc · java
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/atlassian_crowd_pdkinstall_plugin_upload_rce.rb

Nuclei Templates (1)

Atlassian Crowd and Crowd Data Center - Unauthenticated Remote Code Execution
CRITICAL · by dwisiswant0
Shodan: http.component:"Atlassian Jira" || http.component:"atlassian jira"

Scores

CVSS v3 9.8
EPSS 0.9439
EPSS Percentile 100.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2021-11-03
VulnCheck KEV 2020-10-20
InTheWild.io 2021-07-23
ENISA EUVD EUVD-2019-3250
Ransomware Use Confirmed

Classification

Status published

Affected Products (1)

atlassian/crowd < 3.0.5

Timeline

Published Jun 03, 2019
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026