Uploaded image for project: 'Crucible'
  1. Crucible
  2. CRUC-8163

Missing permission check in review coverage REST endpoint - CVE-2017-18035

    XMLWordPrintable

Details

    Description

      The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it.

      Affected versions:

      Older than 4.5.1

      Fix versions:

      4.5.1, 4.6.0

      Attachments

        Issue Links

          was cloned as

          Bug - A problem which impairs or prevents the functions of the product. FE-6996 Missing permission check in review coverage REST endpoint - CVE-2017-18035

          • Low - Low priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              aslaski Adam Slaski
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: