CVE-2021-43958

🗓️ 16 Mar 2022 00:55:19Reported by atlassianType

Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2021-43958	16 Mar 202206:20	–	circl
CNNVD	Atlassian Fisheye和Crucible 安全漏洞	15 Mar 202200:00	–	cnnvd
CNVD	Atlassian Fisheye and Crucible Brute Force Exploits	17 Mar 202200:00	–	cnvd
Atlassian	CVE-2021-43958: Various rest resources missing CAPTCHA for failed user login attempts	7 Mar 202208:01	–	atlassian
Atlassian	CVE-2021-43958: Various rest resources missing CAPTCHA for failed user login attempts	7 Mar 202208:01	–	atlassian
Cvelist	CVE-2021-43958	16 Mar 202200:55	–	cvelist
EUVD	EUVD-2021-30820	3 Oct 202520:07	–	euvd
NVD	CVE-2021-43958	16 Mar 202201:15	–	nvd
Prion	Authentication flaw	16 Mar 202201:15	–	prion
Positive Technologies	PT-2022-11956 · Atlassian · Crucible +1	16 Mar 202200:00	–	ptsecurity

NVD

Node

atlassian crucibleRange<4.8.9

atlassian fisheyeRange<4.8.9

[
  {
    "product": "Fisheye",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "4.8.9",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Crucible",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "4.8.9",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
jira	www.jira.atlassian.com/browse/CRUC-8523
jira	www.jira.atlassian.com/browse/FE-7387

21 Nov 2024 06:30Current

9.5High risk

Vulners AI Score9.5

CVSS 27.5

CVSS 3.19.8

EPSS0.01276

SSVC

CWE-307