CVE-2021-43955

CWE-668 — Exposure to Wrong Sphere3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 60.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Crucible Atlassian Fisheye

Timeline

PublishedMar 16

Latest updateMar 17

Description

The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via information disclosure vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5atlassian/fisheyeunspecified — 4.8.9

▶NVDatlassian/fisheye< 4.8.9

▶CVEListV5atlassian/crucibleunspecified — 4.8.9

▶NVDatlassian/crucible< 4.8.9

🔴Vulnerability Details

GHSA

GHSA-r38x-qwc8-xv5f: The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4↗2022-03-17

▶

CVEList

CVE-2021-43955: The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4↗2022-03-16

▶