Lucene search
K

32 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-30816

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00736EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/12/29 10:15 p.m.3 views

CVE-2023-52240

The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 through 4.14.8 before 4.14.9, 5.0.0 through 5.11.4 before 5.11.5, and 6.0.0 through 6.19.0 before 6.20.0. The full product names are Kantega SA...

6.1CVSS5.8AI score0.00495EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2022/07/20 12:0 a.m.7 views

CVE-2022-26136

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and...

9.8CVSS5.5AI score0.04244EPSS
Exploits0References9Affected Software13
Cvelist
Cvelist
added 2022/03/16 12:55 a.m.31 views

CVE-2021-43957

Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9...

6.5AI score0.01245EPSS
Exploits0References2
OSV
OSV
added 2022/03/14 2:15 a.m.5 views

CVE-2021-43954

The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery SSRF vulnerability...

4.3CVSS5.8AI score0.00736EPSS
Exploits0References2
Atlassian
Atlassian
added 2022/03/07 8:2 a.m.53 views

CVE-2021-43957: Bypass for CVE-2020-29446 (Local file disclosure / path traversal within WEB-INF)

Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9...

7.5CVSS6AI score0.01245EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2021/01/18 12:0 a.m.4 views

PT-2021-7921 · Atlassian · Fisheye/Crucible

Name of the Vulnerable Software and Affected Versions: Atlassian Fisheye & Crucible versions prior to 4.8.5 Description: The issue is related to an Insecure Direct Object References IDOR vulnerability in the WEB-INF directory, allowing remote attackers to browse local files. This can lead to...

5.3CVSS7AI score0.01144EPSS
Exploits0References9
OSV
OSV
added 2020/11/25 11:15 p.m.6 views

CVE-2020-14190

Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4...

7.5CVSS7.2AI score
Exploits0References2
NVD
NVD
added 2020/11/25 10:15 p.m.41 views

CVE-2020-14191

Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service DoS vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4...

7.5CVSS7.4AI score0.01212EPSS
Exploits0References2
OSV
OSV
added 2020/11/25 10:15 p.m.3 views

CVE-2020-14191

Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service DoS vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4...

7.5CVSS7.2AI score0.01212EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/11/25 9:55 p.m.40 views

CVE-2020-14191

Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service DoS vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4...

7.4AI score0.01212EPSS
Exploits0References2
Atlassian
Atlassian
added 2020/11/19 12:22 a.m.81 views

DoS vulnerability in MessageBundleResource - CVE-2020-14191

Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service DoS vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4. Affected versions: version 4.8.4 Fixed...

7.5CVSS6.8AI score0.01212EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/10/28 5:50 p.m.57 views

Local file disclosure / path traversal within WEB-INF in Crucible - CVE-2020-29446

Affected versions of Atlassian Dev Tools allow remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in WEB-INF in Fisheye/Crucible. The affected versions are before version 4.8.5. Affected versions: version 4.8.5 Fixed versions: 4.8.5 4.9.0...

7.5CVSS6AI score0.01245EPSS
Exploits0
Atlassian
Atlassian
added 2020/10/28 5:45 p.m.67 views

Local file disclosure / path traversal within WEB-INF in Crucible - CVE-2020-29446

Affected versions of Atlassian Dev Tools allow remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in WEB-INF in Fisheye/Crucible. The affected versions are before version 4.8.5. Affected versions: version 4.8.5 Fixed versions: 4.8.5 4.9.0...

5.3CVSS5.8AI score0.01144EPSS
Exploits0Affected Software1
NVD
NVD
added 2020/06/01 7:15 a.m.24 views

CVE-2020-4017

The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability...

5.3CVSS5.2AI score0.01245EPSS
Exploits0References2
NVD
NVD
added 2020/06/01 7:15 a.m.22 views

CVE-2020-4013

The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting XSS vulnerability through the review objectives...

5.4CVSS5.3AI score0.00628EPSS
Exploits0References2
OSV
OSV
added 2020/06/01 7:15 a.m.5 views

CVE-2020-4017

The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability...

5.3CVSS6.1AI score0.01245EPSS
Exploits0References2
OSV
OSV
added 2019/12/11 3:15 p.m.5 views

CVE-2019-15007

The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability through the name of a missing branch...

4.8CVSS5.4AI score0.00596EPSS
Exploits0References2
Atlassian
Atlassian
added 2019/09/26 4:13 p.m.31 views

Improper Authorization in Fisheye & Crucible through ATST Plugin - CVE-2019-15005

The Atlassian Troubleshooting and Support Tools ATST plugin prior to version 1.17.2 which was used in Fisheye & Crucible before version 4.7.2, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. Th...

4.3CVSS3.5AI score0.01334EPSS
Exploits0
CNVD
CNVD
added 2018/09/20 12:0 a.m.4 views

Atlassian Fisheye and Crucible Cross-Site Request Forgery Vulnerabilities

Atlassian FishEye and Crucible are both products of the Australian company Atlassian, FishEye is a suite of software for deep viewing of source code repositories and Crucible is a suite of code review tools. A cross-site request forgery vulnerability exists in the administrative smart-commits...

6.5CVSS6.6AI score0.00534EPSS
Exploits0References1
Rows per page
Query Builder