CVE-2017-9511

Name of the Vulnerable Software and Affected Versions Atlassian Fisheye and Crucible versions prior to 4.4.1

Description The issue allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system. This is due to a vulnerability in the MultiPathResource class.

Recommendations For versions prior to 4.4.1, update to version 4.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.