Lucene search

[email protected]CVE-2021-43957

HistoryMar 16, 2022 - 1:15 a.m.

CVE-2021-43957

2022-03-1601:15:00

CWE-639

[email protected]

web.nvd.nist.gov

cve-2021-43957

atlassian

fisheye

crucible

idor

vulnerability

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

69.7%

JSON

Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9.

CPENameOperatorVersion
atlassian:crucibleatlassian cruciblelt4.8.9
atlassian:fisheyeatlassian fisheyelt4.8.9

CPE	Name	Operator	Version
atlassian:crucible	atlassian crucible	lt	4.8.9
atlassian:fisheye	atlassian fisheye	lt	4.8.9

References

jira.atlassian.com/browse/CRUC-8524

jira.atlassian.com/browse/FE-7388

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

69.7%

JSON

Related for CVE-2021-43957

cvelist2 prion2 atlassian6 cnvd1 cve1