Lucene search
AslaskiATLASSIAN:CRUC-8163HistoryJan 18, 2018 - 10:44 a.m.
Missing permission check in review coverage REST endpoint - CVE-2017-18035
2018-01-1810:44:18
aslaski
jira.atlassian.com
58
0.001 Low
EPSS
Percentile
31.2%
The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it.
h3. Affected versions:
Older than 4.5.1
h3. Fix versions:
4.5.1, 4.6.0
Related
cve
cve
CVE-2017-18035
2018-02-02 14:29:00
nvd
nvd
CVE-2017-18035
2018-02-02 14:29:00
atlassian
atlassian
Missing permission check in review coverage REST endpoint - CVE-2017-18035
2018-01-18 10:54:06
Missing permission check in review coverage REST endpoint - CVE-2017-18035
2018-01-18 10:54:06
Missing permission check in review coverage REST endpoint - CVE-2017-18035
2018-01-18 10:44:18
cvelist
cvelist
CVE-2017-18035
2018-01-18 00:00:00
prion
prion
Design/Logic Flaw
2018-02-02 14:29:00