[CRUC-6662] Privilege escalation

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 2.10.8, 3.1.6, 3.2.0
Affects Version/s: None
Component/s: None
Labels:
- advisory
- security

Bug Fix Policy:
View Atlassian Server bug fix policy

We have identified and fixed a vulnerability in Crucible which allowed unauthenticated users to commit actions on behalf of any other authorised user. In order to exploit this vulnerability, an attacker requires access to your Crucible web interface.

A Crucible server is only vulnerable if it has been configured to be a part of an Application link with Trusted Applications authentication.

The vulnerability affects all supported versions of Crucible up to and including 3.1.5 and 2.10.7. It has been fixed in 3.2.0, 3.1.6 and 2.10.8.

For more information, see our security advisory.

mentioned in: FishEye and Crucible Security Advisory 2014-02-26; Page No Confluence page found with the given URL.; Page No Confluence page found with the given URL.; Page No Confluence page found with the given URL.; Page No Confluence page found with the given URL.; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(11 mentioned in)

Rachel Robins made changes - 06/Sep/2021 11:07 PM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 228152 ]

Owen made changes - 16/Oct/2018 8:14 AM

Workflow

Original: FE-CRUC Bug Workflow [ 2941574 ]

New: JAC Bug Workflow v3 [ 2953142 ]

Owen made changes - 16/Oct/2018 4:41 AM

Workflow

Original: FECRU Development Workflow - Triage - Restricted [ 1511463 ]

New: FE-CRUC Bug Workflow [ 2941574 ]

Rachel Robins made changes - 17/Nov/2016 4:04 AM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 228152 ]

New: This issue links to "Page (Atlassian Documentation)" [ 228152 ]

Rachel Robins made changes - 17/Nov/2016 4:01 AM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 228152 ]

paulwatson (Inactive) made changes - 06/Sep/2016 12:52 AM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 200473 ]

New: This issue links to "Page (Atlassian Documentation)" [ 200473 ]

paulwatson (Inactive) made changes - 06/Sep/2016 12:51 AM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 200473 ]

Owen made changes - 07/Jul/2016 6:35 AM

Workflow

Original: FECRU Development Workflow - Triage [ 939946 ]

New: FECRU Development Workflow - Triage - Restricted [ 1511463 ]

paulwatson (Inactive) made changes - 22/Jun/2016 2:46 AM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 180980 ]

New: This issue links to "Page (Atlassian Documentation)" [ 180980 ]

paulwatson (Inactive) made changes - 22/Jun/2016 2:44 AM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 180980 ]

Assignee:: Unassigned

Reporter:: Renan Battaglin

Affected customers:: 0 This affects my team

Watchers:: 2 Start watching this issue

Created:: 21/Nov/2013 5:15 AM

Updated:: 06/Sep/2021 11:07 PM

Resolved:: 26/Feb/2014 11:23 AM

Crucible

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates