CVE-2018-13398
published 2018-09-18CVE-2018-13398: The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a…
medium6.5CVSS 3.0
AVNACLPRNUIRSUCNIHAN
The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | crucible | < 4.5.4 | 4.5.4 |
| atlassian | fisheye | < 4.5.4 | 4.5.4 |
| atlassian | fisheye_and_crucible | >= unspecified < 4.5.4 | 4.5.4 |