Description
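Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability (CVE-2020-14191) in the MessageBundleResource within Atlassian Gadgets.
The record below rates the issue CVSS 3.1 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and CVSS 2.0 5.0 MEDIUM (AV:N/AC:L/Au:N/C:N/I:N/A:P): it is reachable over the network with no authentication or user interaction, and the impact is limited to availability.
The affected versions are before version 4.8.4.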
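Affected versions:
* version < 4.8.4
Fixed versions:
* 4.8.4
* 4.9.0
Instances running a release earlier than 4.8.4 should be upgraded to one of the fixed versions. The issue is tracked in Atlassian's issue tracker as FE-7332 and CRUC-8501, so check both Fisheye and Crucible deployments. The related data below also lists an OpenVAS entry (OPENVAS:136141256231014635) associated with this CVE.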
Affected Software
Related
{"id": "FE-7332", "vendorId": null, "type": "atlassian", "bulletinFamily": "software", "title": "DoS vulnerability in MessageBundleResource - CVE-2020-14191", "description": "Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets.\r\n\r\nThe affected versions are before version 4.8.4.\r\n\r\n*Affected versions:*\r\n\r\n * version < 4.8.4\r\n\r\n*Fixed versions:*\r\n\r\n * 4.8.4\r\n * 4.9.0\r\n", "published": "2020-11-19T00:18:32", "modified": "2021-03-16T11:10:47", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://jira.atlassian.com/browse/FE-7332", "reporter": "ablack@atlassian.com", "references": [], "cvelist": ["CVE-2020-14191"], "immutableFields": [], "lastseen": "2022-01-05T06:36:15", "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "atlassian", "idList": ["ATLASSIAN:CRUC-8501", "ATLASSIAN:FE-7332", "CRUC-8501"]}, {"type": "cve", "idList": 
["CVE-2020-14191"]}], "rev": 4}, "score": {"value": 6.8, "vector": "NONE"}, "backreferences": {"references": [{"type": "atlassian", "idList": ["ATLASSIAN:CRUC-8501", "ATLASSIAN:FE-7332"]}, {"type": "cve", "idList": ["CVE-2020-14191"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231014635"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "fisheye", "version": 4}, {"name": "fisheye", "version": 4}]}, "epss": [{"cve": "CVE-2020-14191", "epss": "0.001460000", "percentile": "0.488120000", "modified": "2023-03-18"}], "vulnersScore": 6.8}, "_state": {"dependencies": 1678920471, "score": 1678917189, "affected_software_major_version": 0, "epss": 1679174273}, "_internal": {"score_hash": "678d33f71f7e837e081f2b767193979f"}, "affectedSoftware": [{"version": "4.8.3", "operator": "le", "name": "fisheye"}, {"version": "4.8.4", "operator": "lt", "name": "fisheye"}]}
{"atlassian": [{"lastseen": "2022-01-05T06:41:35", "description": "Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets.\r\n\r\nThe affected versions are before version 4.8.4.\r\n\r\n*Affected versions:*\r\n\r\n * version < 4.8.4\r\n\r\n*Fixed versions:*\r\n\r\n * 4.8.4\r\n * 4.9.0\r\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-11-19T00:22:24", "type": "atlassian", "title": "DoS vulnerability in MessageBundleResource - CVE-2020-14191", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14191"], "modified": "2021-03-16T11:10:05", "id": "CRUC-8501", "href": "https://jira.atlassian.com/browse/CRUC-8501", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:40:48", "description": "Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets.\r\n\r\nThe 
affected versions are before version 4.8.4.\r\n\r\n*Affected versions:*\r\n\r\n * version < 4.8.4\r\n\r\n*Fixed versions:*\r\n\r\n * 4.8.4\r\n * 4.9.0\r\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-11-19T00:22:24", "type": "atlassian", "title": "DoS vulnerability in MessageBundleResource - CVE-2020-14191", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14191"], "modified": "2021-03-16T11:10:05", "id": "ATLASSIAN:CRUC-8501", "href": "https://jira.atlassian.com/browse/CRUC-8501", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:40:42", "description": "Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets.\r\n\r\nThe affected versions are before version 4.8.4.\r\n\r\n*Affected versions:*\r\n\r\n * version < 4.8.4\r\n\r\n*Fixed versions:*\r\n\r\n * 4.8.4\r\n * 4.9.0\r\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", 
"attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-11-19T00:18:32", "type": "atlassian", "title": "DoS vulnerability in MessageBundleResource - CVE-2020-14191", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14191"], "modified": "2021-03-16T11:10:47", "id": "ATLASSIAN:FE-7332", "href": "https://jira.atlassian.com/browse/FE-7332", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-02-09T15:04:17", "description": "Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. 
The affected versions are before version 4.8.4.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-25T22:15:00", "type": "cve", "title": "CVE-2020-14191", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14191"], "modified": "2021-07-21T11:39:00", "cpe": [], "id": "CVE-2020-14191", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14191", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}]}