PT-2018-6627 · Atlassian · Fisheye/Crucible
Adam Slaski
·
Publicado
2018-02-02
·
Atualizado
2019-10-09
·
CVE-2017-18035
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Atlassian Fisheye and Crucible versions prior to 4.5.1 and 4.6.0
Description:
The issue concerns a missing permissions check in the /rest/review-coverage-chart/1.0/data//.json resource. This allows remote attackers without access to a particular repository to determine its existence and access review coverage statistics.
Recommendations:
For versions prior to 4.5.1, update to version 4.5.1 or later.
For versions prior to 4.6.0, update to version 4.6.0 or later.
Correção
Improper Access Control
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Fisheye/Crucible