Lucene search
K

14 matches found

ATTACKERKB
ATTACKERKB
added 2022/07/20 12:0 a.m.7 views

CVE-2022-26136

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and...

9.8CVSS5.5AI score0.04244EPSS
Exploits0References9Affected Software13
Cvelist
Cvelist
added 2022/03/16 12:55 a.m.31 views

CVE-2021-43957

Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9...

6.5AI score0.01245EPSS
Exploits0References2
Atlassian
Atlassian
added 2022/03/07 8:2 a.m.53 views

CVE-2021-43957: Bypass for CVE-2020-29446 (Local file disclosure / path traversal within WEB-INF)

Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9...

7.5CVSS6AI score0.01245EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2021/01/18 12:0 a.m.4 views

PT-2021-7921 · Atlassian · Fisheye/Crucible

Name of the Vulnerable Software and Affected Versions: Atlassian Fisheye & Crucible versions prior to 4.8.5 Description: The issue is related to an Insecure Direct Object References IDOR vulnerability in the WEB-INF directory, allowing remote attackers to browse local files. This can lead to...

5.3CVSS7AI score0.01144EPSS
Exploits0References9
NVD
NVD
added 2020/11/25 10:15 p.m.41 views

CVE-2020-14191

Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service DoS vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4...

7.5CVSS7.4AI score0.01212EPSS
Exploits0References2
OSV
OSV
added 2020/11/25 10:15 p.m.3 views

CVE-2020-14191

Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service DoS vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4...

7.5CVSS7.2AI score0.01212EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/11/25 9:55 p.m.40 views

CVE-2020-14191

Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service DoS vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4...

7.4AI score0.01212EPSS
Exploits0References2
Atlassian
Atlassian
added 2020/11/19 12:22 a.m.81 views

DoS vulnerability in MessageBundleResource - CVE-2020-14191

Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service DoS vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4. Affected versions: version 4.8.4 Fixed...

7.5CVSS6.8AI score0.01212EPSS
Exploits0Affected Software1
NVD
NVD
added 2020/06/01 7:15 a.m.24 views

CVE-2020-4017

The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability...

5.3CVSS5.2AI score0.01245EPSS
Exploits0References2
NVD
NVD
added 2020/06/01 7:15 a.m.22 views

CVE-2020-4013

The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting XSS vulnerability through the review objectives...

5.4CVSS5.3AI score0.00628EPSS
Exploits0References2
OSV
OSV
added 2019/12/11 3:15 p.m.5 views

CVE-2019-15007

The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability through the name of a missing branch...

4.8CVSS5.4AI score0.00596EPSS
Exploits0References2
CNVD
CNVD
added 2018/09/20 12:0 a.m.4 views

Atlassian Fisheye and Crucible Cross-Site Request Forgery Vulnerabilities

Atlassian FishEye and Crucible are both products of the Australian company Atlassian, FishEye is a suite of software for deep viewing of source code repositories and Crucible is a suite of code review tools. A cross-site request forgery vulnerability exists in the administrative smart-commits...

6.5CVSS6.6AI score0.00534EPSS
Exploits0References1
CVE
CVE
added 2018/02/19 2:0 p.m.50 views

CVE-2017-18093

This CVE affects Atlassian Fisheye and Crucible: before versions 4.4.3 (for 4.4.x line) and before 4.5.0 are vulnerable. The issue is a cross-site scripting (XSS) vulnerability in the location setting of a configured repository, exploitable by remote attackers who have permission to add or modify...

4.8CVSS5AI score0.00857EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2017/08/24 12:0 a.m.9 views

PT-2017-18981 · Atlassian · Fisheye/Crucible

Name of the Vulnerable Software and Affected Versions: Atlassian Fisheye and Crucible versions prior to 4.4.1 Description: The issue allows anonymous remote attackers to access sensitive information, such as email addresses of committers, due to a lack of permission checks in the...

7.5CVSS7.8AI score0.0197EPSS
Exploits0References6
Rows per page
Query Builder