Atlassian Crowd Remote Command Execution Vulnerability Security Advisory

Published: 2019-07-17

Vulnerability ID and Severity


CVE ID: CVE-2019-11580, Severity: Critical, CVSS score: 9.8


Affected Versions


The following versions are affected:
Atlassian Crowd 3.4.3
Atlassian Crowd 3.4
Atlassian Crowd 3.3.4
Atlassian Crowd 3.3.3
Atlassian Crowd 3.3.1
Atlassian Crowd 3.3
Atlassian Crowd 3.2.1 - 3.2.7
Atlassian Crowd 3.2
Atlassian Crowd 3.1.5
Atlassian Crowd 3.1
Atlassian Crowd 3.0.4
Atlassian Crowd 2.11.1
Atlassian Crowd 2.11
Atlassian Crowd 2.10.3
Atlassian Crowd 2.10.1
Atlassian Crowd 2.9.7
Atlassian Crowd 2.9.1 - 2.9.5
Atlassian Crowd 2.9
Atlassian Crowd 2.8.8
Atlassian Crowd 2.8.3
Atlassian Crowd 2.7
Atlassian Crowd 2.6.0 - 2.6.3
Atlassian Crowd 2.5.3 - 2.5.4
Atlassian Crowd 2.5.0 - 2.5.2
Atlassian Crowd 2.4.9
Atlassian Crowd 2.4.1
Atlassian Crowd 2.4
Atlassian Crowd 2.3.6 - 2.3.8
Atlassian Crowd 2.3.1 - 2.3.4
Atlassian Crowd 2.2.9
Atlassian Crowd 2.2.7
Atlassian Crowd 2.2.4
Atlassian Crowd 2.2.2
Atlassian Crowd 2.1.1 - 2.1.2
Atlassian Crowd 2.1


Vulnerability Overview


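Crowd is an easy-to-use single sign-on and user management product that gives users one username and password to log in to all the applications they need to access. It integrates seamlessly with all Atlassian products, such as Jira, Confluence and Bitbucket, to provide a single sign-on (SSO) experience. It centralizes multiple directories, maps any combination of directories to a single application, and manages authentication permissions in one place. Connectors are available for AD, LDAP, Microsoft Azure AD, Novell eDirectory and others.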


Atlassian Crowd has a remote command execution vulnerability. It exists because com.atlassian.pdkinstall.PdkInstallFilter in Atlassian Crowd allows an attacker to upload files in multipart format at the /admin/uploadplugin.action path. An attacker can use this to upload a malicious file to the server, gain control of the server, and achieve remote command execution.


According to current statistics, as many as 14,225 Atlassian Crowd assets are exposed to the Internet worldwide, 610 of them in China, distributed as follows:



Vulnerability Verification


Set up an Atlassian Crowd 3.2.3 environment. Construct a multipart request to the /crowd/admin/uploadplugin.action path, passing the file to upload in the file_cdl parameter. The final result is shown in the figure below:



Remediation


New versions have been released. Upgrade to the latest corresponding Crowd version: 3.4.4, 3.3.5, 3.2.8, 3.1.6 or 3.0.5. Download link: https://www.atlassian.com/software/crowd/download
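
A log check that complements the upgrade, added here as an example and not part of the original advisory: it scans web access logs for requests to the /admin/uploadplugin.action path named above. The combined log format, the function name find_upload_requests and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request path named in the advisory; a context prefix such as /crowd may precede it.
UPLOAD_PATH = "/admin/uploadplugin.action"

# Common/combined access-log layout (assumed; adjust to the proxy or Tomcat valve in use).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_upload_requests(lines):
    """Return one dict per request that reaches the plugin-upload endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        # Drop the query string, decode %xx escapes, drop ;jsessionid-style parameters.
        path = unquote(m["target"].split("?", 1)[0]).split(";", 1)[0]
        if not path.lower().endswith(UPLOAD_PATH):
            continue
        # An upload is a POST; a 2xx status means the request was not rejected.
        accepted_post = m["method"] == "POST" and m["status"].startswith("2")
        hits.append({
            "ip": m["ip"], "time": m["ts"], "method": m["method"],
            "path": path, "status": int(m["status"]),
            "priority": "high" if accepted_post else "review",
        })
    return hits

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Jul/2019:10:01:02 +0000] "GET /crowd/console/login.action HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/Jul/2019:10:03:44 +0000] "POST /crowd/admin/uploadplugin.action HTTP/1.1" 200 312',
    '198.51.100.7 - - [17/Jul/2019:10:03:50 +0000] "GET /crowd/admin/uploadplugin.action;jsessionid=ABC?x=1 HTTP/1.1" 400 98',
    '203.0.113.5 - - [17/Jul/2019:10:09:00 +0000] "POST /crowd/rest/usermanagement/1/session HTTP/1.1" 201 640',
]

if __name__ == "__main__":
    for hit in find_upload_requests(SAMPLE_LOG):
        print(hit)
```

Any "high" hit on a server that was running an affected version at the time warrants a review of the plugins installed on that instance.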


References


https://confluence.atlassian.com/crowd/crowd-security-advisory-2019-05-22-970260700.html