cbcvebase.
CVE-2020-29446
published 2021-01-18

CVE-2020-29446: Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in…

medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5.

Affected

6 ranges
VendorProductVersion rangeFixed in
atlassiancrucible< 4.8.94.8.9
atlassiancrucible< 4.8.54.8.5
atlassiancrucible>= unspecified < 4.8.94.8.9
atlassianfisheye< 4.8.94.8.9
atlassianfisheye< 4.8.54.8.5
atlassianfisheye>= unspecified < 4.8.94.8.9