Atlassian Crowd Remote Code Execution
Description
Atlassian Crowd and Crowd Data Center release builds shipped with the pdkinstall development plugin enabled. The plugin exists to let plugin developers push builds into a running instance, and it installs any plugin it is handed without authenticating the caller or checking authorization. An attacker who can reach the instance over HTTP can therefore send a crafted plugin-upload request, have a malicious plugin installed, and run code in the context of the Crowd Java process. Affected releases are 2.1.0 and every later 2.x release, plus the 3.0.x, 3.1.x, 3.2.x, 3.3.x and 3.4.x branches before their respective fixes (3.0.5, 3.1.6, 3.2.8, 3.3.5 and 3.4.4). Branches released after 3.4 already carry the fix.
Remediation
Upgrade immediately to the fixed release for the branch you are running:
- For version 3.4.x: Upgrade to version 3.4.4 or later
- For version 3.3.x: Upgrade to version 3.3.5 or later
- For version 3.2.x: Upgrade to version 3.2.8 or later
- For version 3.1.x: Upgrade to version 3.1.6 or later
- For version 3.0.x: Upgrade to version 3.0.5 or later
- For version 2.x: Upgrade to version 3.0.5 or later
Download the current release from https://www.atlassian.com/software/crowd/download or a specific fixed release from https://www.atlassian.com/software/crowd/download-archive. After upgrading, confirm that the pdkinstall plugin is no longer present or enabled. The upgrade removes the development plugin but does not remove a plugin an attacker already installed, so review the installed plugin list for anything you did not add and check the access logs for plugin-upload requests from unexpected sources. Because Crowd brokers authentication for connected directories and applications, treat a confirmed upload as a host compromise and rotate the directory and application credentials the instance holds.
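The two checks above, as an added example that is not Atlassian's code or part of the original advisory: a version test built from the branch and fix table listed in this page, and a scan over access-log lines for POSTs to the plugin upload action. It assumes Tomcat's common access-log format and the default /crowd context path with the upload action at /crowd/admin/uploadplugin.action; the sample log lines are constructed, not real traffic.

```python
"""Post-advisory checks for the Crowd pdkinstall issue: version-range test and
access-log review. Added example, not Atlassian's code; assumptions are marked."""
import re
from typing import Dict, Iterable, List, Tuple

Version = Tuple[int, int, int]

# Fixed version per release branch, taken from the remediation list above.
FIXED_BY_BRANCH: Dict[Tuple[int, int], Version] = {
    (3, 0): (3, 0, 5),
    (3, 1): (3, 1, 6),
    (3, 2): (3, 2, 8),
    (3, 3): (3, 3, 5),
    (3, 4): (3, 4, 4),
}
FIRST_AFFECTED: Version = (2, 1, 0)   # 2.1.0 is the earliest affected release


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' from a Crowd version string such as '3.4.3'.

    Trailing qualifiers (e.g. '3.4.4-SNAPSHOT') are ignored; a string that does
    not start with three dotted integers is rejected rather than guessed at.
    """
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised Crowd version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def is_vulnerable(version_text: str) -> bool:
    """True when the version falls inside an affected range from the advisory."""
    v = parse_version(version_text)
    if v < FIRST_AFFECTED:
        return False                  # releases before 2.1.0 are not listed
    if v[0] == 2:
        return True                   # every 2.x from 2.1.0; the fix is 3.0.5
    branch = (v[0], v[1])
    if branch in FIXED_BY_BRANCH:
        return v < FIXED_BY_BRANCH[branch]
    return False                      # 3.5+ and later majors post-date the fix


# Tomcat AccessLogValve common format: %h %l %u %t "%r" %s %b (assumed; adjust
# the pattern if the Crowd access log is configured differently).
ACCESS_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Action that receives the plugin upload (assumption: default /crowd context
# path; only the suffix is matched so a different context path still hits).
UPLOAD_ACTION = "/admin/uploadplugin.action"


def find_plugin_uploads(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return one record per POST to the plugin upload action.

    Only POSTs matter: the POST is the request that delivers a plugin JAR, so a
    GET to the same path is dropped. The status code is kept so a reviewer can
    separate attempts from likely successes.
    """
    hits: List[Dict[str, str]] = []
    for line in lines:
        m = ACCESS_LOG_RE.match(line)
        if not m:
            continue                  # skip lines in another format
        path = m.group("path").split("?", 1)[0]
        if m.group("method") == "POST" and path.endswith(UPLOAD_ACTION):
            hits.append({k: m.group(k) for k in ("ip", "user", "ts", "path", "status")})
    return hits


# Constructed sample log lines (not real traffic): a login page fetch, a GET to
# the upload action, and an unauthenticated POST that delivers a plugin.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Jun/2019:09:14:02 +0000] "GET /crowd/console/login.action HTTP/1.1" 200 4312',
    '10.0.0.7 - admin [12/Jun/2019:09:20:11 +0000] "GET /crowd/admin/uploadplugin.action HTTP/1.1" 200 1024',
    '203.0.113.9 - - [12/Jun/2019:09:21:45 +0000] "POST /crowd/admin/uploadplugin.action HTTP/1.1" 200 57',
]

if __name__ == "__main__":
    for v in ("3.4.3", "3.4.4", "2.1.0", "3.5.0"):
        print(v, "vulnerable" if is_vulnerable(v) else "not in affected range")
    for hit in find_plugin_uploads(SAMPLE_LOG):
        print("plugin upload:", hit)
```

Feed the version string shown in the Crowd console footer to is_vulnerable, and the Tomcat access log to find_plugin_uploads. A POST that returned 200 from an address that never authenticated is the line to escalate; a GET to the same action is ordinary noise and is deliberately ignored.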