PT-2018-6674 · Atlassian · Crucible
Published
2018-02-19
·
Updated
2019-10-09
·
CVE-2017-18095
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Atlassian Crucible versions prior to 4.5.1
Atlassian Crucible versions prior to 4.6.0
Description:
The issue is related to an improper authorization vulnerability in the SnippetRPCServiceImpl class. This allows remote attackers to comment on snippets they do not have authorization to access.
Recommendations:
For versions prior to 4.5.1, update to version 4.5.1 or later.
For versions prior to 4.6.0, update to version 4.6.0 or later.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Crucible