-
Bug
-
Resolution: Fixed
-
Medium
-
None
-
None
-
Severity 2 - Major
-
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
- is cloned from
-
-
- Closed
-
[CRUC-8314] Weak permissions on the installation directory - CVE-2018-13399
| Fix Version/s | Original: 4.7.0 [ 81793 ] |
| Workflow | Original: FE-CRUC Bug Workflow [ 2941962 ] | New: JAC Bug Workflow v3 [ 2954358 ] |
| Workflow | Original: FECRU Development Workflow - Triage - Restricted [ 2859991 ] | New: FE-CRUC Bug Workflow [ 2941962 ] |
| Labels | Original: CVE-2018-13399 advisory advisory-to-release basm bugbounty cvss-medium privesc security | New: CVE-2018-13399 advisory advisory-released basm bugbounty cvss-medium privesc security |
| Security | Original: Reporter and Atlassian Staff [ 10751 ] |
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: Open [ 1 ] | New: Closed [ 6 ] |
| Due Date | New: 23/Nov/2018 |
| Resolution | Original: Fixed [ 1 ] | |
| Status | Original: Closed [ 6 ] | New: Open [ 1 ] |
| Description | Original: The Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. | New: The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. |
| Priority | Original: Low [ 4 ] | New: Medium [ 3 ] |