DoS vulnerability in MessageBundleResource - CVE-2020-14191

2020-11-19T00:22:24
ID ATLASSIAN:CRUC-8501
Type atlassian
Reporter ablack@atlassian.com
Modified 2021-01-18T00:18:26

Description

Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets.

The affected versions are before version 4.8.4.

Affected versions:

  • version < 4.8.4

Fixed versions:

  • 4.8.4
  • 4.9.0