{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T18:42:10.027","vulnerabilities":[{"cve":{"id":"CVE-2018-20238","sourceIdentifier":"security@atlassian.com","published":"2019-02-13T18:29:00.697","lastModified":"2024-11-21T04:01:08.743","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability."},{"lang":"es","value":"Varios recursos REST en Atlassian Crowd, en versiones anteriores a la 3.2.7 y desde la versión 3.3.0 antes de la 3.3.4, podrían permitir que los atacantes remotos se autentiquen mediante una sesión de usuario caducada mediante una vulnerabilidad de expiración de sesión insuficiente."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:N","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-384"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.7","matchCriteriaId":"0D9C82D9-D6A5-4150-B73D-A1A4A3CA7DA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3.0","versionEndExcluding":"3.3.4","matchCriteriaId":"8BDE6573-6D18-44BC-B0A1-40741FB82896"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/107036","source":"security@atlassian.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://jira.atlassian.com/browse/CWD-5361","source":"security@atlassian.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/107036","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://jira.atlassian.com/browse/CWD-5361","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}