14 DAY TRIAL // Security consultancy company Command Five has released an advisory to reveal the existence of vulnerabilities in Atlassian’s single sign-on and secure user authentication solution Crowd.
According to researchers, there’s at least one critical security hole (CVE-2013-3926) in Crowd that hasn’t been addressed by Atlassian. However, Atlassian representatives say they haven’t been able to confirm its existence.
“We've been unable to substantiate the existence of the second alleged vulnerability, designated CVE-2013-3926. The author of the report has not contacted Atlassian, making it difficult to validate the claim,” the company stated.
“While we've been unable to confirm the existence of the second vulnerability, we take it seriously and have reached out to the author directly for more details. If we can confirm there is a vulnerability, a patch will be issued and all Crowd customers will be emailed details for how to update.”