DoS vulnerability in MessageBundleResource - CVE-2020-14191
2020-11-19T00:22:24
ID: ATLASSIAN:CRUC-8501
Type: atlassian
Reporter: ablack@atlassian.com
Modified: 2021-01-18T00:18:26
Description
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets.
The affected versions are before version 4.8.4.
Affected versions:
version < 4.8.4
Fixed versions:
4.8.4
4.9.0