Uploaded image for project: 'Crucible'
  1. Crucible
  2. CRUC-6188

Crucible privilege escalation vulnerability

    XMLWordPrintable

    Details

      Description

      We have identified and fixed a vulnerability in FishEye and Crucible that results from behaviour of certain third-party frameworks used in FishEye and Crucible. This vulnerability allows any attacker to:

      • Set the FishEye and Crucible instance to allow anonymous access
      • Set the FishEye and Crucible instance to allow anonymous signup

      All versions of FishEye and Crucible up to and including 2.7.14 are affected by this vulnerability. The vulnerability is fixed in FishEye and/or Crucible 2.8.0 and later.

      Details of this vulnerability are available in the advisory at https://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-08-21

      and https://confluence.atlassian.com/display/CRUCIBLE/FishEye+and+Crucible+Security+Advisory+2012-08-21

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              vosipov VitalyA
              Reporter:
              pwatson paulwatson (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: