PT-2018-2132 · Atlassian+1 · Crucible+2
Published: 2018-09-28 · Updated: 2019-10-03 · CVE-2018-13399
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Atlassian Fisheye and Crucible versions prior to 4.6.1
Microsoft Windows Installer for Atlassian Fisheye and Crucible versions prior to 4.6.1
Description
The issue is a permission handling error affecting the code search and comparison tool Fisheye and the code review tool Crucible. The Microsoft Windows Installer for these tools sets weak permissions on the installation directory, which local attackers can exploit to gain elevated privileges.
Recommendations
For Atlassian Fisheye and Crucible versions prior to 4.6.1, update to version 4.6.1 or later to resolve the issue.
For Microsoft Windows Installer for Atlassian Fisheye and Crucible versions prior to 4.6.1, update to version 4.6.1 or later to resolve the issue.
As a temporary workaround, consider restricting access to the installation directory to minimize the risk of exploitation.
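One way to check the installation directory before and after applying the workaround is to list every allow entry that gives a non-administrative principal write-capable rights. This is an added example, not code from Atlassian or from this advisory; the advisory does not state the install path, so $InstallDir is a parameter you supply, and the list of trusted SIDs is an assumption to adjust for your environment.

```powershell
# Added example: report ACL entries on an installation directory that let
# non-administrative principals create, replace or delete files.
param(
    # Not given in the advisory; pass the directory the installer created.
    [Parameter(Mandatory)]
    [string]$InstallDir
)

# Rights that allow planting or replacing files, or rewriting the ACL itself.
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only entries can carry raw GENERIC_ALL / GENERIC_WRITE bits instead.
$mask = [int]$writeRights -bor 0x10000000 -bor 0x40000000

# Assumed trusted principals, matched by well-known SID so localized names work.
$trusted = @(
    'S-1-5-18',        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464', # TrustedInstaller
    'S-1-3-0'          # CREATOR OWNER: only takes effect for whoever creates a child object
)

$sidType = [System.Security.Principal.SecurityIdentifier]
$acl = Get-Acl -LiteralPath $InstallDir

$findings = foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if ($trusted -contains $ace.IdentityReference.Value) { continue }
    if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }

    # Resolve the SID to a readable name; keep the SID if it cannot be resolved.
    try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $name = $ace.IdentityReference.Value }

    [pscustomobject]@{
        Principal = $name
        Rights    = $ace.FileSystemRights
        Inherited = $ace.IsInherited
        AppliesTo = "$($ace.InheritanceFlags) / $($ace.PropagationFlags)"
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { "No write-capable grants to non-administrative principals on $InstallDir" }
```

Entries for an account that legitimately needs write access will also be listed, so review each finding before removing a grant.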
Fix
Incorrect Permission
Affected Products
Fisheye
Crucible
Windows Installer