Lucene search

Security-metrics-botFE-7286

HistoryApr 16, 2020 - 7:46 p.m.

Information disclosure in the /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin - CVE-2020-4017

2020-04-1619:46:20

security-metrics-bot

jira.atlassian.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

58.5%

JSON

The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability.

Affected configurations

Vulners

Node

atlassianfisheyeRange≤4.8.0

atlassianfisheyeRange<4.8.1

VendorProductVersionCPE
atlassianfisheye*cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
atlassian	fisheye	*	cpe:2.3:a:atlassian:fisheye::::::::

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

58.5%

JSON

Related for FE-7286