CVE-2020-4017

CWE-200Information Exposure3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.4%
top 38.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Atlassian CrucibleAtlassian Fisheye
Timeline
PublishedJun 1
Latest updateMay 24

Description

The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

CVEListV5atlassian/crucibleunspecified4.8.1
NVDatlassian/crucible< 4.8.1
CVEListV5atlassian/fisheyeunspecified4.8.1
NVDatlassian/fisheye< 4.8.1

🔴Vulnerability Details

2
GHSA
GHSA-q564-q668-7hw4: The /rest/jira-ril/12022-05-24
CVEList
CVE-2020-4017: The /rest/jira-ril/12020-06-01
CVE-2020-4017 (MEDIUM CVSS 5.3) | The /rest/jira-ril/1.0/jira-rest/ap | cvebase.io