CVE-2017-9512

CWE-200Information Exposure3 documents3 sources
Severity
7.5HIGH
EPSS
1.6%
top 18.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Atlassian CrucibleAtlassian FisheyeAtlassian Atlassian Fisheye AND Crucible
Timeline
PublishedAug 24
Latest updateMay 13

Description

The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5atlassian/atlassian_fisheye_and_crucibleAll versions prior to version 4.4.1

🔴Vulnerability Details

2
GHSA
GHSA-fp8m-5h9q-mjmp: The mostActiveCommitters2022-05-13
CVEList
CVE-2017-9512: The mostActiveCommitters2017-08-24
CVE-2017-9512 (HIGH CVSS 7.5) | The mostActiveCommitters.do resourc | cvebase.io