3 matches found
Atlassian FishEye and Crucible mostActiveCommitters Information Disclosure (CVE-2017-9512)
An information disclosure vulnerability exists in Atlassian FishEye and Crucible. The vulnerability is due to a lack of permission check on mostActiveCommitters.do. A remote, unauthenticated attacker can exploit this vulnerability by sending a request to mostActiveCommitters.do...
CVE-2017-9512
The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks...
CVE-2017-9512
CVE-2017-9512 affects Atlassian FishEye and Crucible prior to version 4.4.1. The vulnerability is an information disclosure in the mostActiveCommitters.do resource due to missing permission checks, allowing anonymous remote access to sensitive data such as committers’ email addresses. Connected s...