The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability.
Weakness
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Crowd | Atlassian | * | 3.2.11 (excluding) |
| Crowd | Atlassian | 3.3.0 (including) | 3.3.8 (excluding) |
| Crowd | Atlassian | 3.4.0 (including) | 3.4.7 (excluding) |
| Crowd | Atlassian | 3.5.0 (including) | 3.5.2 (excluding) |
| Crowd | Atlassian | 3.6.0 (including) | 3.6.2 (excluding) |
| Crowd | Atlassian | 3.6.3 (including) | 3.7.1 (excluding) |
| Crowd | Atlassian | 3.7.2 (including) | 4.0.0 (excluding) |
Potential Mitigations
Related Attack Patterns
References
- https://jira.atlassian.com/browse/CWD-5526
- https://zeroauth.ltd/blog/2020/02/07/cve-2019-20104-atlassian-crowd-openid-client-vulnerable-to-remote-dos-via-xml-entity-expansion/
- https://jira.atlassian.com/browse/CWD-5526
- https://zeroauth.ltd/blog/2020/02/07/cve-2019-20104-atlassian-crowd-openid-client-vulnerable-to-remote-dos-via-xml-entity-expansion/