PT-2018-6674 · Atlassian · Crucible
Publicado
2018-02-19
·
Atualizado
2019-10-09
·
CVE-2017-18095
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Atlassian Crucible versions prior to 4.5.1
Atlassian Crucible versions prior to 4.6.0
Description:
The issue is related to an improper authorization vulnerability in the SnippetRPCServiceImpl class. This allows remote attackers to comment on snippets they do not have authorization to access.
Recommendations:
For versions prior to 4.5.1, update to version 4.5.1 or later.
For versions prior to 4.6.0, update to version 4.6.0 or later.
Correção
Incorrect Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Crucible