CVE-2020-29446

Name of the Vulnerable Software and Affected Versions Atlassian Fisheye & Crucible versions prior to 4.8.5

Description The issue is related to an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory, allowing remote attackers to browse local files. This can lead to unauthorized access to protected information. The vulnerability is associated with an error in handling user-controlled authorization keys.

Recommendations For versions prior to 4.8.5, update to version 4.8.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the WEB-INF directory to minimize the risk of exploitation.