CVE-2016-10740

CWE-200Information Exposure3 documents3 sources
Severity
4.9MEDIUM
EPSS
0.2%
top 59.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Atlassian Crowd
Timeline
PublishedJan 29
Latest updateMay 14

Description

Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories by examining the responses to requests for these resources.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages1 packages

NVDatlassian/crowd< 2.10.1

🔴Vulnerability Details

2
GHSA
GHSA-vq67-257h-qpjj: Various resources in Atlassian Crowd before version 22022-05-14
CVEList
CVE-2016-10740: Various resources in Atlassian Crowd before version 22019-01-29
CVE-2016-10740 (MEDIUM CVSS 4.9) | Various resources in Atlassian Crow | cvebase.io