CVE-2017-16858 : The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 bef

The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. Given the following situation: the Crowd application is bound to directory 1 and has a user called admin and the Google Apps application is bound to directory 2, which also has a user called admin, it was possible to authenticate REST requests using the credentials of the user coming from directory 2 and impersonate the user from directory 1.

Published 2018-01-31 14:29:01

Updated 2019-10-09 23:25:21

Source Atlassian

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Exploit prediction scoring system (EPSS) score for CVE-2017-16858

Probability of exploitation activity in the next 30 days: 0.06%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 25 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-16858

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.9	MEDIUM	AV:N/AC:M/Au:S/C:P/I:P/A:N	6.8	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None
6.8	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N	1.6	5.2	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: None

CWE ids for CVE-2017-16858

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Assigned by: nvd@nist.gov (Primary)
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

Assigned by: security@atlassian.com (Secondary)

References for CVE-2017-16858

https://jira.atlassian.com/browse/CWD-5009

[CWD-5009] REST endpoint user impersonation using authentication module functionality - CVE-2017-16858 - Create and track feature requests for Atlassian products.
Issue Tracking;Vendor Advisory

Products affected by CVE-2017-16858

Atlassian » Crowd
Versions from including (>=) 1.5.0 and before (<) 3.1.2
cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2017-16858

Exploit prediction scoring system (EPSS) score for CVE-2017-16858

CVSS scores for CVE-2017-16858

CWE ids for CVE-2017-16858

References for CVE-2017-16858

Products affected by CVE-2017-16858