Uploaded image for project: 'FishEye'
  1. FishEye
  2. FE-4222

FishEye privilege escalation vulnerability

XMLWordPrintable

      We have identified and fixed a vulnerability in FishEye and Crucible that results from behaviour of certain third-party frameworks used in FishEye and Crucible. This vulnerability allows any attacker to:

      • Set the FishEye and Crucible instance to allow anonymous access
      • Set the FishEye and Crucible instance to allow anonymous signup

      All versions of FishEye and Crucible up to and including 2.7.14 are affected by this vulnerability. The vulnerability is fixed in FishEye and/or Crucible 2.8.0 and later.

      Details of this vulnerability are available in the advisory at https://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-08-21

      and https://confluence.atlassian.com/display/CRUCIBLE/FishEye+and+Crucible+Security+Advisory+2012-08-21

              vosipov VitalyA
              pwatson paulwatson (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: