Lucene search
AtlassianCVELIST:CVE-2017-18035HistoryJan 18, 2018 - 12:00 a.m.
CVE-2017-18035
2018-01-1800:00:00
CWE-284
atlassian
www.cve.org
The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it.
CNA Affected
[
{
"product": "Fisheye and Crucible",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "prior to 4.5.1 and 4.6.0"
}
]
}
]Related
atlassian
atlassian
Missing permission check in review coverage REST endpoint - CVE-2017-18035
2018-01-18 10:44:18
Missing permission check in review coverage REST endpoint - CVE-2017-18035
2018-01-18 10:54:06
Missing permission check in review coverage REST endpoint - CVE-2017-18035
2018-01-18 10:44:18
cve
cve
CVE-2017-18035
2018-02-02 14:29:00
nvd
nvd
CVE-2017-18035
2018-02-02 14:29:00
prion
prion
Design/Logic Flaw
2018-02-02 14:29:00