Important Information

On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.

CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.

For details, click here.

Strike ID:
E20-5x2m1
CVSS:
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
False Positive:
t
Variants:
1
Year:
2019

Description

This strike exploits a vulnerability in Atlassian Crowd and Crowd Data Center due to the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permit remote code execution on systems running a vulnerable version of the application.

CVE

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11580

References

https://github.com/jas502n/CVE-2019-11580