3 matches found
Atlassian Fisheye / Crucible 4.5.2 Code Execution Vulnerability
Atlassian Fisheye and Crucible versions 4.5.0 through 4.5.2 suffer from a code execution vulnerability. This email refers to the advisory found at https://confluence.atlassian.com/x/aS5sO and https://confluence.atlassian.com/x/Zi5sO . CVE ID: CVE-2018-5223. Product: Fisheye and Crucible. Affected...
CVE-2018-5223
Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to add a repository in Fisheye or Crucible can execute code of their choice on systems that run...
CVE-2018-5223
CVE-2018-5223 affects Atlassian Fisheye and Crucible running on Windows. The issue arises from improper handling of Mercurial repository URIs, which can be interpreted as Windows argument parameters, enabling code execution by an authenticated attacker who can add repositories. Affected versions ...