CVE-2020-14190

2020-11-2522:40:12

atlassian

www.cve.org

atlassian

fisheye

crucible

regex

dos

version 4.8.4

cve-2020-14190

EPSS

0.002

Percentile

61.9%

JSON

Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4.

CNA Affected

[
  {
    "product": "Fisheye",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "4.8.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Crucible",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "4.8.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

jira.atlassian.com/browse/CRUC-8498

jira.atlassian.com/browse/FE-7336

EPSS

0.002

Percentile

61.9%

JSON

Related for CVELIST:CVE-2020-14190