Uploaded image for project: 'Crucible'
  1. Crucible
  2. CRUC-8053

mostActiveCommitters.do lacks permission checks - CVE-2017-9512

    XMLWordPrintable

Details

    Description

      The mostActiveCommitters.do resource in Atlassian FishEye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks.

      Attachments

        Issue Links

          is cloned from

          Bug - A problem which impairs or prevents the functions of the product. FE-6892 mostActiveCommitters.do lacks permission checks - CVE-2017-9512

          • Low - Low priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              pswiecicki Piotr Swiecicki
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: