Atlassian · Fisheye/Crucible · CVE-2017-18035
Name of the Vulnerable Software and Affected Versions:
Atlassian Fisheye and Crucible versions prior to 4.5.1 and 4.6.0
Description:
The /rest/review-coverage-chart/1.0/data/<repository name>/.json resource is missing a permissions check. This allows remote attackers without access to a particular repository to determine whether it exists and to access its review coverage statistics.
Recommendations:
For versions prior to 4.5.1, update to version 4.5.1 or later.
For versions prior to 4.6.0, update to version 4.6.0 or later.
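
To check whether the resource named in the description was requested before the update, the following added example (not Atlassian code) summarises hits on that path per client. It assumes combined-format access logs from a reverse proxy in front of Fisheye/Crucible; the log layout, IP addresses, user name and repository names are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Resource path from the advisory; the repository name follows /data/.
RESOURCE = re.compile(r"/rest/review-coverage-chart/1\.0/data/([^/\s?]+)/\.json")

# Assumption: combined log format from a reverse proxy in front of
# Fisheye/Crucible, where "-" in the third field means no authenticated user.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def coverage_chart_hits(lines):
    """Summarise requests to the affected resource per client IP."""
    hits = defaultdict(lambda: {"repos": set(), "anonymous_ok": 0})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        # Decode percent-encoding first so an encoded path is still matched.
        r = RESOURCE.search(unquote(m["target"]))
        if not r:
            continue
        entry = hits[m["ip"]]
        entry["repos"].add(r.group(1))
        # A 200 with no authenticated user is the easiest case to spot; a
        # logged-in user lacking repository access needs a permission lookup
        # that this script does not perform.
        if m["user"] == "-" and m["status"] == "200":
            entry["anonymous_ok"] += 1
    return dict(hits)

# Constructed sample lines: documentation IP ranges, hypothetical repository names.
SAMPLE = [
    '198.51.100.7 - - [10/Jan/2018:10:00:01 +0000] "GET /rest/review-coverage-chart/1.0/data/payments/.json HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [10/Jan/2018:10:00:02 +0000] "GET /rest/review-coverage-chart/1.0/data/internal%2Dtools/.json HTTP/1.1" 200 498 "-" "-"',
    '198.51.100.7 - - [10/Jan/2018:10:00:03 +0000] "GET /rest/review-coverage-chart/1.0/data/archive/.json HTTP/1.1" 404 0 "-" "-"',
    '203.0.113.20 - alice [10/Jan/2018:10:05:00 +0000] "GET /rest/review-coverage-chart/1.0/data/payments/.json HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.20 - alice [10/Jan/2018:10:05:04 +0000] "GET /browse/payments HTTP/1.1" 200 9000 "-" "-"',
]

if __name__ == "__main__":
    for ip, info in coverage_chart_hits(SAMPLE).items():
        print(ip, sorted(info["repos"]), "anonymous 200s:", info["anonymous_ok"])
```

A client that requests many distinct repository names on this path in a short period is worth a closer look, whatever the response codes were.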