4 matches found
Authorization
The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 the fixed version 4.5.x and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to access via an improper authorization vulnerability...
CVE-2017-18095
The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 the fixed version 4.5.x and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to access via an improper authorization vulnerability...
CVE-2017-18095
CVE-2017-18095 affects Atlassian Crucible prior to 4.5.1 and prior to 4.6.0. The vulnerability is an improper authorization that allows remote attackers to comment on snippets they should not access. A fix exists in the 4.5.x series (4.5.1+) and in 4.6.0+. Organizations using Crucible should upgr...
CVE-2017-18095
The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 the fixed version 4.5.x and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to access via an improper authorization vulnerability...