Uploaded image for project: 'Crucible'
  1. Crucible
  2. CRUC-8053

mostActiveCommitters.do lacks permission checks - CVE-2017-9512

    XMLWordPrintable

    Details

      Description

      The mostActiveCommitters.do resource in Atlassian FishEye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              pswiecicki Piotr Swiecicki
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: