Insufficient Session Expiration Vulnerability in Atlassian Crowd

Insufficient Session Expiration Vulnerability in Atlassian Crowd

CVE-2018-20238 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:N

Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability.

Learn more about our User Device Pen Test.