Information disclosure in the /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin - CVE-2020-4016

The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability.

            [CRUC-8469] Information disclosure in the /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin - CVE-2020-4016

            Marek Parfianowicz made changes -
            Labels Original: advisory advisory-released bugbounty cve-2020-4016 cvss-medium information-disclosure release-48x release-490 security New: advisory advisory-released bugbounty cve-2020-4016 cvss-medium information-disclosure release-48x security
            Marek Parfianowicz made changes -
            Labels Original: advisory advisory-released bugbounty cve-2020-4016 cvss-medium information-disclosure release-490 security New: advisory advisory-released bugbounty cve-2020-4016 cvss-medium information-disclosure release-48x release-490 security
            Marek Parfianowicz made changes -
            Labels Original: advisory advisory-released bugbounty cve-2020-4016 cvss-medium information-disclosure security New: advisory advisory-released bugbounty cve-2020-4016 cvss-medium information-disclosure release-490 security
            Marek Parfianowicz made changes -
            Fix Version/s Original: 4.9.0 [ 90696 ]
            Erin Jensby made changes -
            Labels Original: advisory advisory-to-release bugbounty cve-2020-4016 cvss-medium information-disclosure security New: advisory advisory-released bugbounty cve-2020-4016 cvss-medium information-disclosure security
            Erin Jensby made changes -
            Description Original: The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of the Jira applink(s) via a information disclosure vulnerability. New: The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability.
            David Black made changes -
            Due Date Original: 16/Jul/2020
            David Black made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Closed [ 6 ] New: Closed [ 6 ]
            Security Metrics Bot made changes -
            Due Date New: 16/Jul/2020
            Erin Jensby made changes -
            Labels Original: advisory advisory-to-release bugbounty cvss-medium information-disclosure security New: advisory advisory-to-release bugbounty cve-2020-4016 cvss-medium information-disclosure security

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot