-
Bug
-
Resolution: Fixed
-
Low
-
4.8.0
-
Severity 3 - Minor
-
The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability.
- relates to
-
FE-7285 Information disclosure in the /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin - CVE-2020-4016
-
- Closed
-
[CRUC-8469] Information disclosure in the /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin - CVE-2020-4016
Labels | Original: advisory advisory-released bugbounty cve-2020-4016 cvss-medium information-disclosure release-48x release-490 security | New: advisory advisory-released bugbounty cve-2020-4016 cvss-medium information-disclosure release-48x security |
Labels | Original: advisory advisory-released bugbounty cve-2020-4016 cvss-medium information-disclosure release-490 security | New: advisory advisory-released bugbounty cve-2020-4016 cvss-medium information-disclosure release-48x release-490 security |
Labels | Original: advisory advisory-released bugbounty cve-2020-4016 cvss-medium information-disclosure security | New: advisory advisory-released bugbounty cve-2020-4016 cvss-medium information-disclosure release-490 security |
Fix Version/s | Original: 4.9.0 [ 90696 ] |
Labels | Original: advisory advisory-to-release bugbounty cve-2020-4016 cvss-medium information-disclosure security | New: advisory advisory-released bugbounty cve-2020-4016 cvss-medium information-disclosure security |
Description | Original: The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of the Jira applink(s) via a information disclosure vulnerability. | New: The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability. |
Due Date | Original: 16/Jul/2020 |
Resolution | New: Fixed [ 1 ] | |
Status | Original: Closed [ 6 ] | New: Closed [ 6 ] |
Due Date | New: 16/Jul/2020 |
Labels | Original: advisory advisory-to-release bugbounty cvss-medium information-disclosure security | New: advisory advisory-to-release bugbounty cve-2020-4016 cvss-medium information-disclosure security |