Insufficient Session Expiration Vulnerability in Atlassian Crowd
CVE-2018-20238 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:N
Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability.
Learn more about our User Device Pen Test.