Atlassian Crowd critical vulnerability: how do you fix it?


We have learnt that an important security vulnerability has been discovered in Atlassian Crowd.

This vulnerability affects all standalone versions prior to 2.6.3 (released on June 24th 2013, which fixes this issue), with the exception of 2.5.4.

You will find all technical details in this report from CommandFive. This vulnerability can be exploited by anyone who can access your Crowd REST API; you are particularly impacted if your Crowd server is reachable from the internet.

The JIRA issue referring to this problem is here: https://jira.atlassian.com/browse/CWD-3366.

To fix this issue, you can:

  • Apply the patch available for Crowd 2.1.2 and upwards (patch instructions are detailed on the Atlassian ticket)
  • Upgrade Crowd to 2.5.4 or 2.6.3 (mandatory if you use a Crowd version older than 2.1.2)

For any information about the patch instructions, you can reach Atlassian via support.atlassian.com.
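The affected-version and remediation rules above, applied to an inventory of Crowd servers, as an added example (not code from Valiantys or Atlassian). The host names and versions in the inventory are constructed, and any version the advisory does not name is classified by its "prior to 2.6.3" rule.

```python
import re

FIXED = (2, 6, 3)         # release that fixes the issue, per the advisory
ALSO_FIXED = {(2, 5, 4)}  # the one earlier release the advisory excludes
PATCH_FLOOR = (2, 1, 2)   # oldest release the patch can be applied to


def parse_version(text):
    """Return (major, minor, patch) from strings like '2.4' or 'Crowd 2.5.3'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    # A missing patch component ('2.4') is treated as 0.
    return tuple(int(g) if g else 0 for g in m.groups())


def triage(version_text):
    """Map one reported Crowd version to the advisory's remediation choice."""
    v = parse_version(version_text)
    if v is None:
        return "unknown: check manually"
    # Tuple comparison is numeric, so 2.10.0 sorts after 2.6.3 (a plain
    # string comparison would wrongly flag it as older).
    if v >= FIXED or v in ALSO_FIXED:
        return "not affected"
    if v >= PATCH_FLOOR:
        return "affected: patch or upgrade to 2.5.4 / 2.6.3"
    return "affected: upgrade required (no patch below 2.1.2)"


# Constructed inventory: host names and versions are made up for this example.
INVENTORY = {
    "crowd-prod": "2.6.2",
    "crowd-staging": "Crowd 2.5.4",
    "crowd-legacy": "2.0.7",
    "crowd-dr": "2.6.3",
    "crowd-lab": "not reported",
}


def report(inventory):
    """Return {host: action} for every server in the inventory."""
    return {host: triage(ver) for host, ver in sorted(inventory.items())}


if __name__ == "__main__":
    for host, action in report(INVENTORY).items():
        print(f"{host:14} {action}")
```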
