Atlassian Fisheye And Crucible vulnerabilities

5 known vulnerabilities affecting atlassian/atlassian_fisheye_and_crucible.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 3

Vulnerabilities

CVE-2017-14588 [MEDIUM] CVSS 6.1 | All versions prior to version 4.4.2 | 2017-10-11
CWE-79: Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter.
Sources: cvelistv5, nvd
CVE-2017-14587 [MEDIUM] CVSS 5.4 | All versions prior to version 4.4.2 | 2017-10-11
CWE-79: The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter.
Sources: cvelistv5, nvd
CVE-2017-9512 [HIGH] CVSS 7.5 | All versions prior to version 4.4.1 | 2017-08-24
CWE-200: The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks.
Sources: cvelistv5, nvd
CVE-2017-9511 [HIGH] CVSS 7.5 | All versions prior to version 4.4.1 | 2017-08-24
CWE-22: The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system.
Sources: cvelistv5, nvd
CVE-2017-9508 [MEDIUM] CVSS 5.4 | All versions prior to version 4.4.1 | 2017-08-24
CWE-79: Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file.
Sources: cvelistv5, nvd