| |
Vulnerability CVE-2016-10740
Published: 2019-01-28 Modified: 2019-01-29
| Description: |
Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories by examining the responses to requests for these resources. |
Type:
CWE-200 (Information Exposure)
CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
4/10 |
2.9/10 |
8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
None |
None |
References: |
https://jira.atlassian.com/browse/CWD-5060
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
