Uploaded image for project: 'Crucible'
  1. Crucible
  2. CRUC-6188

Crucible privilege escalation vulnerability


      We have identified and fixed a vulnerability in FishEye and Crucible that results from behaviour of certain third-party frameworks used in FishEye and Crucible. This vulnerability allows any attacker to:

      • Set the FishEye and Crucible instance to allow anonymous access
      • Set the FishEye and Crucible instance to allow anonymous signup

      All versions of FishEye and Crucible up to and including 2.7.14 are affected by this vulnerability. The vulnerability is fixed in FishEye and/or Crucible 2.8.0 and later.

      Details of this vulnerability are available in the advisory at https://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-08-21

      and https://confluence.atlassian.com/display/CRUCIBLE/FishEye+and+Crucible+Security+Advisory+2012-08-21

            vosipov VitalyA
            pwatson paulwatson (Inactive)
            0 Vote for this issue
            3 Start watching this issue