CVE-2017-18095: Incorrect Authorization in Atlassian Crucible

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.2% (top 57.06%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 19
Latest update: May 13

Description

The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 (the fixed version for 4.5.x) and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to access via an improper authorization vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

NVD: atlassian/crucible < 4.5.1
CVEListV5: atlassian/crucible prior to 4.5.1, prior to 4.6.0 +1

Vulnerability Details (2)

GHSA (2022-05-13): GHSA-49jr-p97x-4c27: The SnippetRPCServiceImpl class in Atlassian Crucible before version 4…
CVEList (2018-02-19): CVE-2017-18095: The SnippetRPCServiceImpl class in Atlassian Crucible before version 4…