PT-2018-16814 · Atlassian+2 · Crucible+3
Zhang Tianqi · Published 2018-03-29 · Updated 2018-04-24
CVE-2018-5223
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Fisheye versions prior to 4.4.6
Fisheye versions 4.5.0 through 4.5.2
Crucible versions prior to 4.4.6
Crucible versions 4.5.0 through 4.5.2
Description
The issue arises from incorrect checking of configured Mercurial repository URIs in Fisheye and Crucible, allowing an attacker with repository addition permissions to execute arbitrary code on Windows operating systems running vulnerable versions of the software.
Recommendations
For Fisheye versions prior to 4.4.6, update to version 4.4.6 or later.
For Fisheye versions 4.5.0 through 4.5.2, update to version 4.5.3 or later.
For Crucible versions prior to 4.4.6, update to version 4.4.6 or later.
For Crucible versions 4.5.0 through 4.5.2, update to version 4.5.3 or later.
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Crucible
Fisheye
Mercurial
Windows