CVE-2017-14591

CWE-883 documents3 sources
Severity
9.0CRITICAL
EPSS
0.7%
top 29.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Atlassian CrucibleAtlassian FisheyeAtlassian Fisheye AND Crucible
Timeline
PublishedNov 29
Latest updateMay 17

Description

Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.2 | Impact: 6.0

Affected Packages3 packages

CVEListV5atlassian/fisheye_and_crucibleVersions less than 4.4.3 OR version 4.5.0
NVDatlassian/fisheye< 4.4.3+1
NVDatlassian/crucible< 4.4.3+1

🔴Vulnerability Details

2
GHSA
GHSA-5w4x-5vvq-236j: Atlassian Fisheye and Crucible versions less than 42022-05-17
CVEList
CVE-2017-14591: Atlassian Fisheye and Crucible versions less than 42017-11-29
CVE-2017-14591 (CRITICAL CVSS 9) | Atlassian Fisheye and Crucible vers | cvebase.io