Design/Logic Flaw

2018-02-0214:29:00

PRIOn knowledge base

www.prio-n.com

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.2%

JSON

The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it.

CPENameOperatorVersion
cruciblelt4.5.1
fisheyelt4.5.1

CPE	Name	Operator	Version
	crucible	lt	4.5.1
	fisheye	lt	4.5.1

References

jira.atlassian.com/browse/CRUC-8163

jira.atlassian.com/browse/FE-6996