PT-2022-6904 · Atlassian · Fisheye+1

Published

2022-03-14

·

Updated

2022-03-18

·

CVE-2021-43954

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Fisheye and Crucible versions prior to 4.8.9
Description

Server-Side Request Forgery (SSRF) in the DefaultRepositoryAdminService class of Fisheye and Crucible. A remote attacker who holds the 'can add repository' permission can make the server issue requests on their behalf and, from the outcome of those requests, enumerate the existence of internal network hosts and filesystem resources. The root cause is insufficient validation of the incoming request, which leaves the target of the server-side request under the attacker's control. The CVSS rating reflects that the attacker must already be an authenticated user with that permission and that the impact is limited to disclosure of whether a resource exists.
Recommendations

Update Fisheye and Crucible to version 4.8.9 or later. Until the update is applied, limit the 'can add repository' permission to trusted administrators, since the vulnerability is only reachable with that permission, and restrict outbound connections from the Fisheye/Crucible host so that a forged server-side request cannot reach internal services.
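The two checks a practitioner wants from this advisory are an affected-version test against the fixed release and an illustration of the validation that is missing when a user-supplied repository location is used for a server-side connection. The following Python is an added example written for this page; it is not Atlassian's code and does not reproduce the actual fix in 4.8.9. The hostnames, the address map standing in for DNS, and the scheme allow-list are all constructed assumptions so that it runs offline.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed stand-in for DNS so the example runs offline. The hostnames and
# addresses are invented for illustration; "dual.example.com" models a name
# that resolves to a public address and a loopback address at the same time.
FAKE_DNS = {
    "git.example.com": ["93.184.216.34"],
    "intranet.corp.local": ["10.20.30.40"],
    "metadata.internal": ["169.254.169.254"],
    "dual.example.com": ["93.184.216.34", "127.0.0.1"],
    "localhost": ["127.0.0.1"],
}

# Assumed allow-list of schemes a repository location may use. file:// and
# anything unlisted is rejected outright because it reaches the local
# filesystem or non-repository services.
ALLOWED_SCHEMES = {"http", "https", "ssh", "git", "svn", "svn+ssh"}

# First release that is not affected according to the advisory.
FIXED_VERSION = (4, 8, 9)


def is_affected(version: str) -> bool:
    """True if a Fisheye/Crucible version string is below 4.8.9."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version))
    if not parts:
        raise ValueError(f"unparseable version {version!r}")
    # Pad to three components so "4.8" compares as 4.8.0; compare numerically
    # so that 4.8.10 is correctly treated as newer than 4.8.9.
    parts = (parts + (0, 0, 0))[:3]
    return parts < FIXED_VERSION


def is_public_address(addr: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr)
    return not (
        ip.is_private        # RFC 1918, TEST-NETs, 0.0.0.0/8, among others
        or ip.is_loopback    # 127.0.0.0/8, ::1
        or ip.is_link_local  # 169.254.0.0/16 (cloud metadata), fe80::/10
        or ip.is_multicast
        or ip.is_reserved
        or ip.is_unspecified
    )


def validate_repository_url(url: str, dns=FAKE_DNS) -> tuple:
    """Return (accepted, reason). Every address the host resolves to must be public."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    try:
        # Literal IP (covers 127.0.0.1, [::1], 169.254.169.254): check it directly.
        addresses = [str(ipaddress.ip_address(host))]
    except ValueError:
        addresses = dns.get(host.lower(), [])
    if not addresses:
        return False, f"unresolvable host {host!r}"
    # Reject if any resolved address is non-public, not just the first one.
    for addr in addresses:
        if not is_public_address(addr):
            return False, f"{host} resolves to non-public address {addr}"
    return True, "ok"


if __name__ == "__main__":
    for v in ("4.7.3", "4.8.9", "4.8.10"):
        print(v, "affected" if is_affected(v) else "fixed")
    for u in (
        "https://git.example.com/repo.git",
        "http://169.254.169.254/latest/meta-data/",
        "file:///etc/passwd",
        "https://dual.example.com/repo.git",
    ):
        print(u, validate_repository_url(u))
```

Two caveats apply to a validator of this shape. If the code that later opens the repository connection resolves the hostname again, an attacker who controls the DNS record can pass validation with a public address and have the connection land on an internal one (DNS rebinding); the connector should use the address that was validated. And because the advisory's impact is existence enumeration, the error surfaced to the user after a failed connection should not distinguish "host unreachable" from "connection refused" or "file not found".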

Fix

SSRF


Weakness Enumeration

Related Identifiers

BDU:2023-05483
CVE-2021-43954

Affected Products

Crucible
Fisheye