PT-2020-6903 · Atlassian · Gadgets+1

Published

2020-11-25

Updated

2021-07-21

CVE-2020-14191

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Atlassian Fisheye/Crucible versions prior to 4.8.4

Description The issue is related to a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets, allowing remote attackers to impact the application's availability. It is also associated with incorrect cleanup or release of resources. Exploitation of this issue can enable a remote attacker to cause a denial of service.

Recommendations For versions prior to 4.8.4, update to version 4.8.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the MessageBundleResource within Atlassian Gadgets to minimize the risk of exploitation.

Fix

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404

Related Identifiers

BDU:2023-05491

CVE-2020-14191

Affected Products

Fisheye/Crucible

Gadgets

PT-2020-6903 · Atlassian · Gadgets+1

CVE-2020-14191

Weakness Enumeration

Related Identifiers

Affected Products

References · 9