## https://sploitus.com/exploit?id=SAINT:C5566E2B15FDD05B173FA0B2FC67C155
Added: 12/22/2020
### Background
[Atlassian Crowd](<https://www.atlassian.com/software/crowd>) is a single sign-on solution for Atlassian products.
### Problem
Atlassian Crowd and Crowd Data Center incorrectly enabled the pdkinstall development plugin, allowing attackers to install arbitrary plugins, leading to remote code execution.
### Resolution
[Upgrade](<https://www.atlassian.com/software/crowd/download>) to Atlassian Crowd 3.0.5, 3.1.6, 3.2.8, 3.3.5, 3.4.4 or higher.
### References
<https://jira.atlassian.com/browse/CWD-5388>
### Limitations
This exploit creates a servlet which must be manually removed.
### Platforms
Windows
Linux