Attacker Value

Unknown

(1 user assessed)

Exploitability

Unknown

(1 user assessed)

User Interaction

CVE-2019-11580

Disclosure Date: June 03, 2019 •

CVE-2019-11580 CVSS v3 Base Score: 9.8

Exploited in the Wild

Reported by gwillcox-r7 and 1 more...
View Source Details

Metasploit Module

exploit/multi/http/atlassian_crowd_pdkinstall_plugin_upload_rce

Description

Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.

Add Assessment

gwillcox-r7 (579)

October 20, 2020 6:56pm UTC (4 years ago)

Technical Analysis

This is now supposedly being exploited in the wild by Chinese state actors according to this NSA announcement: https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

9.8 Critical

Impact Score:

5.9

Exploitability Score:

3.9

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

atlassian

Products

crowd

Metasploit Modules

exploit/multi/http/atlassian_crowd_pdkinstall_plugin_upload_rce (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/atlassian_crowd_pdkinstall_plugin_upload_rce.rb)

Exploited in the Wild

Reported by:

gwillcox-r7 indicated sources as

Government or Industry Alert (https://us-cert.cisa.gov/ncas/alerts/aa21-209a)
Other: 2020 Most Exploited Vulnerabilities (https://www.ic3.gov/Media/News/2021/210728.pdf)

Reported: October 20, 2020 6:56pm UTC (4 years ago) • Edited 2 years ago

AttackerKB Worker indicated source as Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)

Reported: November 08, 2024 8:13am UTC (2 weeks ago)

References

Canonical

CVE-2019-11580 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11580)

BID-108637 (http://www.securityfocus.com/bid/108637)

Miscellaneous

https://jira.atlassian.com/browse/CWD-5388

http://packetstormsecurity.com/files/163810/Atlassian-Crowd-pdkinstall-Remote-Code-Execution.html

Rapid7

Unknown

CVE-2019-11580

Unknown

Unknown

None

None

Network

CVE-2019-11580

Description

Add Assessment

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Metasploit Modules

Exploited in the Wild

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2019-11580

Unknown

Unknown

None

None

Network

CVE-2019-11580

Description

Add Assessment

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Metasploit Modules

Exploited in the Wild

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification