[CRUC-6188] Crucible privilege escalation vulnerability

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 2.8.0, 2.7.15, 2.5.9, 2.6.9
Affects Version/s: None
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

We have identified and fixed a vulnerability in FishEye and Crucible that results from behaviour of certain third-party frameworks used in FishEye and Crucible. This vulnerability allows any attacker to:

Set the FishEye and Crucible instance to allow anonymous access
Set the FishEye and Crucible instance to allow anonymous signup

All versions of FishEye and Crucible up to and including 2.7.14 are affected by this vulnerability. The vulnerability is fixed in FishEye and/or Crucible 2.8.0 and later.

Details of this vulnerability are available in the advisory at https://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-08-21

and https://confluence.atlassian.com/display/CRUCIBLE/FishEye+and+Crucible+Security+Advisory+2012-08-21

is cloned from

FE-4222 FishEye privilege escalation vulnerability

Closed

mentioned in: Page No Confluence page found with the given URL.; Page No Confluence page found with the given URL.; Page No Confluence page found with the given URL.; Page No Confluence page found with the given URL.; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...

(40 mentioned in)

Rachel Robins made changes - 06/Sep/2021 11:07 PM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 228241 ]

Mateusz Miara (Inactive) made changes - 25/Oct/2018 9:33 AM

Remote Link

Original: This issue links to "Wiki Page (Atlassian Documentation - Confluence)" [ 22123 ]

Owen made changes - 16/Oct/2018 8:15 AM

Workflow

Original: FE-CRUC Bug Workflow [ 2941809 ]

New: JAC Bug Workflow v3 [ 2955813 ]

Owen made changes - 16/Oct/2018 4:41 AM

Workflow

Original: FECRU Development Workflow - Triage - Restricted [ 1511464 ]

New: FE-CRUC Bug Workflow [ 2941809 ]

Rachel Robins made changes - 17/Nov/2016 4:04 AM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 228241 ]

New: This issue links to "Page (Atlassian Documentation)" [ 228241 ]

Rachel Robins made changes - 17/Nov/2016 4:01 AM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 228241 ]

Rachel Robins made changes - 17/Nov/2016 2:49 AM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 228137 ]

New: This issue links to "Page (Atlassian Documentation)" [ 228137 ]

Rachel Robins made changes - 17/Nov/2016 2:45 AM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 228137 ]

paulwatson (Inactive) made changes - 06/Sep/2016 12:52 AM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 200470 ]

New: This issue links to "Page (Atlassian Documentation)" [ 200470 ]

paulwatson (Inactive) made changes - 06/Sep/2016 12:51 AM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 200470 ]

Assignee:: VitalyA

Reporter:: paulwatson (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 3 Start watching this issue

Created:: 10/Aug/2012 12:21 AM

Updated:: 06/Sep/2021 11:07 PM

Resolved:: 22/Aug/2012 3:53 AM

Crucible

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates