Atlassian Crowd Data Center
cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*
- >= 7.1.0, <= 7.1.2
- >= 6.3.0, <= 6.3.3
A high-severity XML External Entity (XXE) injection vulnerability has been identified in Atlassian Crowd Data Center and Server versions 7.1.0 to 7.1.2, as well as 6.3.0 to 6.3.3. This vulnerability allows authenticated attackers to access both local and remote content, significantly impacting confidentiality and availability, while having a minor effect on integrity. The issue requires no user interaction.
Exploitation of this vulnerability could lead to unauthorized access to local and remote content, with a high impact on availability and confidentiality, and a low impact on integrity.
Users are advised to upgrade to Crowd Data Center and Server version 7.1.3 or later. For those using version 6.3.x, upgrade to version 6.3.4. The latest version can be downloaded from the Atlassian Crowd Download Archive.
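The affected ranges and fixed releases above can be applied to an inventory of Crowd instances with a short script. This is an added example, not Atlassian's code; the host names and version strings in `SAMPLE_INVENTORY` are constructed, and the function names are assumptions made for illustration.

```python
import re

# Affected ranges and fixed releases, taken from the advisory text above.
AFFECTED = [
    ((7, 1, 0), (7, 1, 2), "7.1.3"),
    ((6, 3, 0), (6, 3, 3), "6.3.4"),
]

# Constructed sample input: host name -> version string as reported by the instance.
SAMPLE_INVENTORY = {
    "crowd-a.example.internal": "7.1.2",
    "crowd-b.example.internal": "Crowd 6.3.4",
    "crowd-c.example.internal": "6.3.0",
    "crowd-d.example.internal": "unknown",
}

def parse_version(text):
    """Return (major, minor, patch) from strings like '7.1.2' or 'Crowd 6.3.1'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def triage(version_text):
    """Return (affected, fixed_release); fixed_release is None when not affected."""
    v = parse_version(version_text)
    for low, high, fixed in AFFECTED:
        if low <= v <= high:
            return True, fixed
    return False, None

def triage_inventory(inventory):
    """Classify every host; unparseable versions are flagged for manual review."""
    report = {}
    for host, version_text in inventory.items():
        try:
            affected, fixed = triage(version_text)
        except ValueError:
            report[host] = "UNKNOWN: check version manually"
            continue
        report[host] = (f"AFFECTED: upgrade to at least {fixed}" if affected
                        else "not in the advisory's listed ranges")
    return report

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A "not in the advisory's listed ranges" result only means the version falls outside the two ranges this page names; it says nothing about release lines the page does not cover.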