The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system.
[
{
"product": "Atlassian Fisheye and Crucible",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.4.1"
}
]
}
]