Loading...

XML

Word

Printable

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low
Fix Version/s: 4.8.5
Affects Version/s: 4.8.4
Component/s: None
Labels:

CVSS Score:
5
CVSS Severity:
Medium
CVE ID:
CVE-2020-29446

Affected versions of Atlassian Dev Tools allow remote attackers
to browse local files via an Insecure Direct Object References (IDOR) vulnerability in WEB-INF in Fisheye/Crucible.

The affected versions are before version 4.8.5.

Affected versions:

version < 4.8.5

Fixed versions:

4.8.5
4.9.0

relates to

CRUC-8524 CVE-2021-43957: Bypass for CVE-2020-29446 (Local file disclosure / path traversal within WEB-INF)

Published

FE-7326 Local file disclosure / path traversal within WEB-INF in Crucible - CVE-2020-29446

Published

FE-7388 CVE-2021-43957: Bypass for CVE-2020-29446 (Local file disclosure / path traversal within WEB-INF)

Published

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Created:: 28/Oct/2020 5:50 PM

Updated:: 09/Nov/2023 9:44 AM

Resolved:: 18/Jan/2021 1:32 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates