Crowd: pdkinstall development plugin incorrectly enabled (CVE-2019-11580) Advisory Release Date 10 AM PDT (Pacific Time, -7 hours) Affected Versions 2.1.0 and 3.0.0 of Crowd.Data Center’s Crowd.com are now fixed. The vulnerability was introduced in version 2.0, 2.2.0 for version 3.1x (the fixed version for 31x), from version 31.1 to 3.2x). The vulnerability is a critical security breach.”]
Source: https://confluence.atlassian.com/crowd/crowd-security-advisory-2019-05-22-970260700.html