CVE-2017-9511

CWE-22 — Path Traversal3 documents3 sources

Severity

7.5HIGH

EPSS

0.9%

top 25.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Crucible Atlassian Fisheye Atlassian Atlassian Fisheye AND Crucible

Timeline

PublishedAug 24

Latest updateMay 13

Description

The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5atlassian/atlassian_fisheye_and_crucibleAll versions prior to version 4.4.1

▶NVDatlassian/fisheye4.4.0

▶NVDatlassian/crucible4.4.0

🔴Vulnerability Details

GHSA

GHSA-v6mw-4xwj-vqrm: The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4↗2022-05-13

▶

CVEList

CVE-2017-9511: The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4↗2017-08-24

▶