From helpnetsecurity.com
A researcher has released proof-of-concept code for a critical code execution vulnerability (CVE-2019-11580) in Atlassian Crowd, a centralized identity management solution providing single sign-on and user identity.
Atlassian plugged the hole in late May, but administrators that failed to implement it should consider doing so now, as full-fledged exploits are likely to pop up soon.