  • Jul.17.2013

Atlassian Crowd critical vulnerability: how do you fix it?


We have learnt that an important security vulnerability has been discovered in Atlassian Crowd.

This vulnerability affects all Standalone versions prior to 2.6.3 (released on June 24th, 2013, which fixes this issue), with the exception of 2.5.4.

You will find all the technical details in this report from CommandFive. This vulnerability can be exploited by anyone who can access your Crowd REST API; you are particularly exposed if your Crowd server is reachable from the internet.

The JIRA issue referring to this problem is here: https://jira.atlassian.com/browse/CWD-3366.

To fix this issue, you can:

  • Apply the patch available for Crowd 2.1.2 and upwards (patch instructions are detailed on the Atlassian ticket)
  • Upgrade Crowd to 2.5.4 or 2.6.3 (mandatory if you use a Crowd version older than 2.1.2)

For all information related to patch instructions you can reach Atlassian via support.atlassian.com.
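
The version rules above are easy to get wrong with a simple "greater than or equal" check, because 2.5.4 is fixed while 2.6.0 to 2.6.2 are not. The following triage helper is an added example, not code from Atlassian or from the original article; the function names and the sample inventory are hypothetical, and it only encodes the version statements made in this article.

```python
import re

FIXED_BACKPORT = (2, 5, 4)   # fixed release on the 2.5 line, per the article
FIXED_MAINLINE = (2, 6, 3)   # every release below this is affected, 2.5.4 excepted
PATCH_FLOOR = (2, 1, 2)      # oldest release the vendor patch applies to


def parse_version(text):
    """Turn '2.5.3' or '2.6' into a 3-tuple; raise ValueError on anything else."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised Crowd version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def triage(version_text):
    """Classify one Crowd Standalone version against the article's rules."""
    v = parse_version(version_text)
    if v == FIXED_BACKPORT or v >= FIXED_MAINLINE:
        return "fixed"
    if v >= PATCH_FLOOR:
        return "affected: patch or upgrade"
    return "affected: upgrade required"


def triage_inventory(inventory):
    """Map host -> verdict; unparseable versions are flagged for manual review."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = triage(version_text)
        except ValueError:
            report[host] = "unknown: check manually"
    return report


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names).
    sample = {
        "crowd-prod": "2.6.2",
        "crowd-staging": "2.5.4",
        "crowd-legacy": "2.0.7",
        "crowd-lab": "n/a",
    }
    for host, verdict in triage_inventory(sample).items():
        print(f"{host}: {verdict}")
```
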
