Atlassian Fisheye vulnerabilities
53 known vulnerabilities affecting atlassian/fisheye.
Total CVEs: 53
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 10, MEDIUM 38
Vulnerabilities
Page 1 of 3
CVE-2024-21683 | HIGH | CVSS 8.8 | CWE-94 | public PoC | affected ≥ 4.8.0, < 4.8.15 | 2024-05-21
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.
This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availabi
Sources: nvd
CVE-2022-26136 | CRITICAL | CVSS 9.8 | CWE-180 | fixed in 4.8.10 | affected < 4.8.10 (lower bound unspecified) | 2022-07-20
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released update
Sources: cvelistv5, nvd
CVE-2022-26137 | HIGH | CVSS 8.8 | CWE-180 | fixed in 4.8.10 | affected < 4.8.10 (lower bound unspecified) | 2022-07-20
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a speci
Sources: cvelistv5, nvd
CVE-2021-43958 | CRITICAL | CVSS 9.8 | CWE-307 | fixed in 4.8.9 | affected < 4.8.9 (lower bound unspecified) | 2022-03-16
Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing user credentials for authentication via an improper restriction of exc
Sources: cvelistv5, nvd
CVE-2021-43957 | HIGH | CVSS 7.5 | fixed in 4.8.9 | 2022-03-16
Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9.
Sources: cvelistv5, nvd
CVE-2021-43956 | MEDIUM | CVSS 6.1 | CWE-1321 | fixed in 4.8.9 | affected < 4.8.9 (lower bound unspecified) | 2022-03-16
The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability.
Sources: cvelistv5, nvd
CVE-2021-43955 | MEDIUM | CVSS 4.3 | fixed in 4.8.9 | affected < 4.8.9 (lower bound unspecified) | 2022-03-16
The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via an information disclosure vulnerability.
Sources: cvelistv5, nvd
CVE-2021-43954 | MEDIUM | CVSS 4.3 | CWE-918 | fixed in 4.8.9 | affected < 4.8.9 (lower bound unspecified) | 2022-03-14
The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability.
Sources: cvelistv5, nvd
CVE-2020-14192 | MEDIUM | CVSS 4.3 | CWE-200 | fixed in 4.8.4 | affected < 4.8.4 (lower bound unspecified) | 2021-02-02
Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4.
Sources: cvelistv5, nvd
CVE-2020-29446 | MEDIUM | CVSS 5.3 | CWE-639 | fixed in 4.8.5 | affected < 4.8.9 (lower bound unspecified) | 2021-01-18
Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5.
Sources: cvelistv5, nvd
CVE-2020-14190 | HIGH | CVSS 7.5 | CWE-400 | fixed in 4.8.4 | affected < 4.8.4 (lower bound unspecified) | 2020-11-25
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4.
Sources: cvelistv5, nvd
CVE-2020-14191 | HIGH | CVSS 7.5 | fixed in 4.8.4 | affected < 4.8.4 (lower bound unspecified) | 2020-11-25
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4.
Sources: cvelistv5, nvd
CVE-2017-18112 | MEDIUM | CVSS 6.5 | CWE-200 | fixed in 4.8.3 | affected < 4.8.3 (lower bound unspecified) | 2020-08-05
Affected versions of Atlassian Fisheye allow remote attackers to view the HTTP password of a repository via an Information Disclosure vulnerability in the logging feature. The affected versions are before version 4.8.3.
Sources: cvelistv5, nvd
CVE-2020-4026 | MEDIUM | CVSS 4.3 | CWE-863 | affected < 4.8.2 (lower bound unspecified) | 2020-06-03
The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorizat
Sources: cvelistv5, nvd
CVE-2020-4018 | HIGH | CVSS 8.8 | CWE-352 | fixed in 4.8.1 | affected < 4.8.1 (lower bound unspecified) | 2020-06-01
The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allow remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability.
Sources: cvelistv5, nvd
CVE-2020-4016 | MEDIUM | CVSS 5.3 | fixed in 4.8.1 | affected < 4.8.1 (lower bound unspecified) | 2020-06-01
The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability.
Sources: cvelistv5, nvd
CVE-2020-4014 | MEDIUM | CVSS 4.3 | fixed in 4.8.1 | affected < 4.8.1 (lower bound unspecified) | 2020-06-01
The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authorization vulnerability.
Sources: cvelistv5, nvd
CVE-2020-4017 | MEDIUM | CVSS 5.3 | fixed in 4.8.1 | affected < 4.8.1 (lower bound unspecified) | 2020-06-01
The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability.
Sources: cvelistv5, nvd
CVE-2020-4023 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 4.8.2 | affected < 4.8.2 (lower bound unspecified) | 2020-06-01
The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the committerFilter parameter.
Sources: cvelistv5, nvd
CVE-2020-4013 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 4.8.1 | affected < 4.8.1 (lower bound unspecified) | 2020-06-01
The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives.
Sources: cvelistv5, nvd