Atlassian CrowdÔ¶³ÌÏÂÁîÖ´ÐÐÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-07-17

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-11580£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬CVSS·ÖÖµ£º9.8


Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾
Atlassian Crowd 3.4.3
Atlassian Crowd 3.4
Atlassian Crowd 3.3.4
Atlassian Crowd 3.3.3
Atlassian Crowd 3.3.1
Atlassian Crowd 3.3
Atlassian Crowd 3.2.1 - 3.2.7
Atlassian Crowd 3.2
Atlassian Crowd 3.1.5
Atlassian Crowd 3.1
Atlassian Crowd 3.0.4
Atlassian Crowd 2.11.1
Atlassian Crowd 2.11
Atlassian Crowd 2.10.3
Atlassian Crowd 2.10.1
Atlassian Crowd 2.9.7
Atlassian Crowd 2.9.1 - 2.9.5
Atlassian Crowd 2.9
Atlassian Crowd 2.8.8
Atlassian Crowd 2.8.3
Atlassian Crowd 2.7
Atlassian Crowd 2.6.0 - 2.6.3
Atlassian Crowd 2.5.3 - 2.5.4
Atlassian Crowd 2.5.0 - 2.5.2
Atlassian Crowd 2.4.9
Atlassian Crowd 2.4.1
Atlassian Crowd 2.4
Atlassian Crowd 2.3.6 - 2.3.8
Atlassian Crowd 2.3.1 - 2.3.4
Atlassian Crowd 2.2.9
Atlassian Crowd 2.2.7
Atlassian Crowd 2.2.4
Atlassian Crowd 2.2.2
Atlassian Crowd 2.1.1 - 2.1.2

Atlassian Crowd 2.1


Îó²î¸ÅÊö


CrowdÊÇÒ»¸ö¼òÆÓÒ×Óõļòµ¥µÇ¼ºÍÓû§¹ÜÀíÈí¼þ£¬ÎªÓû§Ìṩһ×éÓû§ÃûºÍÃÜÂëÀ´µÇ¼ÐèÒª»á¼ûµÄËùÓÐÓ¦Óà ¡£Î޷켯³É Jira¡¢Confluence ºÍ Bitbucket µÈËùÓÐ Atlassian ²úÆ·£¬ÎªÓû§Ìṩ¼òµ¥µÇ¼ (SSO) ÌåÑé ¡£¼¯Öжà¸öĿ¼£¬½«í§ÒâĿ¼×éºÏÓ³Éäµ½µ¥¸öÓ¦Óã¬È»ºóÔÚͳһλÖùÜÀíÉí·ÝÑé֤ȨÏÞ ¡£ÊÊÓÃÓÚ AD¡¢LDAP¡¢Microsoft Azure AD¡¢Novell eDirectory µÈµÄÅþÁ¬Æ÷ ¡£


Atlassian Crowd±£´æÔ¶³ÌÏÂÁîÖ´ÐÐÎó²î£¬´ËÎó²îÓÉÓÚAtlassian CrowdµÄcom.atlassian.pdkinstall.PdkInstallFilterÔÊÐí¹¥»÷ÕßÔÚ/admin/uploadplugin.action·¾¶ÏÂʹÓÃMultipartÃûÌÃÉÏ´«Îļþ£¬¹¥»÷Õß¿ÉÒÔʹÓô˷½·¨Ïò·þÎñÆ÷ÉÏ´«¶ñÒâÎļþ,»ñÈ¡·þÎñÆ÷ȨÏÞ,ʵÏÖÔ¶³ÌÏÂÁîÖ´ÐÐÎó²îµÄʹÓà ¡£


ÏÖÔÚ¾Ýͳ¼Æ,ÔÚÈ«Çò¹æÄ£ÄÚ¶Ô»¥ÁªÍø¿ª·ÅAtlassian CrowdµÄ×ʲúÊýÄ¿¶à´ï14,225̨£¬Öйú610̨£¬ÂþÑÜÈçÏ£º 

×ðÁú¿­Ê± - ÈËÉú¾ÍÊDz«!


Îó²îÑéÖ¤


´î½¨ Atlassian Crowd 3.2.3ÇéÐÎ ¡£ÔÚ/crowd/admin/uploadplugin.action·¾¶Ï½ṹMultipartÀàÐÍÇëÇó°ü£¬ÔÚfile_cdl²ÎÊýÖд«ÈëÒªÉÏ´«µÄÎļþ£¬×îÖÕЧ¹ûÈçÏÂͼËùʾ£º

×ðÁú¿­Ê± - ÈËÉú¾ÍÊDz«!


ÐÞ¸´½¨Òé


ÏÖÔÚÒÑÐû²¼Ð°汾£¬Éý¼¶µ½Crowd¶ÔÓ¦µÄ×îа汾3.4.4£¬3.3.5£¬3.2.8£¬3.1.6£¬ 3.0.5 ¡£ÏÂÔØÁ´½Ó£ºhttps://www.atlassian.com/software/crowd/download ¡£


²Î¿¼Á´½Ó


https://confluence.atlassian.com/crowd/crowd-security-advisory-2019-05-22-970260700.html