Aside from this patched vulnerability, Command Five is also aware of at least one other critical vulnerability in Atlassian Crowd that hasn't been fixed yet. That vulnerability could be classified as a backdoor and allows unauthenticated attackers to take full control of any Crowd server they can access over the network, the researchers said.
Successful exploitation of the yet-to-be-patched vulnerability "invariably results" in the compromise of all active Crowd application credentials, user credentials, accessible data storage, configured directories and dependent secure systems, they said.
Atlassian didn't immediately respond to a request for comment.