CVE-2019-20104

High

The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to…

atlassian·CWE-776·Published 2020-02-06

CVSS

7.5

EPSS

0.02

KEV

Exploits

cve.orgen

211 chars

The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability.

NVDen

211 chars

NVDes

261 chars

La aplicación de cliente OpenID en Atlassian Crowd antes de la versión 3.6.2 y desde la versión 3.7.0 anteriores a 3.7.1, permite a atacantes remotos llevar a cabo un ataque de Denegación de Servicio por medio de una vulnerabilidad de tipo XML Entity Expansion.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H