-
Bug
-
Resolution: Fixed
-
Medium
-
3.2.0, 4.2.1, 4.4.1
-
None
-
Severity 3 - Minor
-
The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command parameter.
- was cloned as
-
-
- Closed
-
[CRUC-8212] Path traversal Vulnerability in the review attachment resource - CVE-2017-16859
| Labels | Original: CVE-2017-16859 advisory advisory-released cvss-high path-traversal security | New: CVE-2017-16859 advisory advisory-released cvss-high idor path-traversal security |
| Workflow | Original: FE-CRUC Bug Workflow [ 2939407 ] | New: JAC Bug Workflow v3 [ 2952580 ] |
| Workflow | Original: FECRU Development Workflow - Triage - Restricted [ 2706142 ] | New: FE-CRUC Bug Workflow [ 2939407 ] |
| Labels | Original: CVE-2017-16859 advisory advisory-to-release cvss-high path-traversal security | New: CVE-2017-16859 advisory advisory-released cvss-high path-traversal security |
| Labels | Original: advisory advisory-to-release cvss-high path-traversal security | New: CVE-2017-16859 advisory advisory-to-release cvss-high path-traversal security |
| Security | Original: Reporter and Atlassian Staff [ 10751 ] |
| Summary | Original: Path traversal Vulnerability in the review attachment resource - CVE-PENDING | New: Path traversal Vulnerability in the review attachment resource - CVE-2017-16859 |
| Summary | Original: Path traversal Vulnerability in Crucible Upload - CVE-PENDING | New: Path traversal Vulnerability in the review attachment resource - CVE-PENDING |
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: Needs Triage [ 10030 ] | New: Closed [ 6 ] |