
Crowd version 3.4.4 - vulnerability check

Ritaban Bhattacharjee
I'm New Here
July 21, 2022

Hi, we have received the below link and checked our product versions

 

https://confluence.atlassian.com/security/multiple-products-security-advisory-cve-2022-26136-cve-2022-26137-1141493031.html

 

We are running on Crowd version 3.4.4. Could you please let us know if we are affected by this vulnerability?

1 answer

2 votes
Dave Theodore [Coyote Creek Consulting]
Community Leader
July 21, 2022

Yes. From the doc:

  • Versions < 4.3.8

Craig Castle-Mead
Rising Star
August 2, 2022

@Ritaban Bhattacharjee - Crowd 3.4.4 was released in March 2019 - almost 3.5 years ago. This is a VERY long time in the IT/software space and there have been numerous other CVEs that your environment will be vulnerable to, not just the one you linked.

The Crowd upgrade process has always been relatively smooth for us (and we run a VERY complicated setup), so apart from the tiny downtime window you'll need to schedule to action the upgrade, it should be a smooth process. We run Crowd DC with multiple nodes and Puppet to manage our configuration files and we've got our total downtime for an upgrade to ~ 30 seconds (an A/B approach where we take one node offline, upgrade the application/apply the config changes, begin the outage by shutting down the second/final node and as soon as that node has completed, we start the app on the first node ending the outage, we then can action the same steps on the second node and bring it back online to bring us back into a state of higher availability).

 

CCM
