Public Security Vulnerability
Resolution: Fixed
Low
4.8.8
None
CVSS Score: 5.8
Medium
CVE ID: CVE-2021-43957
Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory, and to bypass the fix for CVE-2020-29446 due to a lack of URL decoding. The affected versions are those before version 4.8.9.
Affected versions:
- version < 4.8.9
Fixed versions:
- 4.8.9
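The class of flaw described above, an access check applied to the request path before URL decoding, shown as an added example in Python; it is not Atlassian's code and does not reproduce the actual Fisheye/Crucible fix. The function names, the protected-directory list, the decode-round limit and the sample paths are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

PROTECTED = ("web-inf", "meta-inf")  # assumed protected directory names
MAX_DECODE_ROUNDS = 5                # assumed cap on nested percent-encoding

def naive_is_allowed(raw_path):
    """Flawed pattern: inspects the raw path, so encoded names slip past."""
    return "/web-inf" not in raw_path.lower()

def canonicalize(raw_path):
    """Percent-decode until stable, then resolve '.', '..' and '//'."""
    path = raw_path
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        # Still changing after the cap: treat as hostile rather than guess.
        raise ValueError("too many layers of encoding")
    if "\x00" in path:
        raise ValueError("NUL byte in path")
    path = path.replace("\\", "/")
    return posixpath.normpath("/" + path.lstrip("/"))

def strict_is_allowed(raw_path):
    """Hardened pattern: decide on the canonical path, segment by segment."""
    try:
        canonical = canonicalize(raw_path)
    except ValueError:
        return False
    segments = [s.lower() for s in canonical.split("/") if s]
    return not any(s in PROTECTED for s in segments)

# Constructed sample request paths (not taken from the advisory).
SAMPLES = [
    "/static/logo.png",
    "/WEB-INF/web.xml",
    "/%57EB-INF/web.xml",    # single percent-encoded letter
    "/%2557EB-INF/web.xml",  # the same, encoded twice
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p:24} naive={naive_is_allowed(p)} strict={strict_is_allowed(p)}")
```

The same canonicalize-then-check order is worth asserting in regression tests for any filter that guards a directory by name.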
is related to:
- CRUC-8496 Local file disclosure / path traversal within WEB-INF in Crucible - CVE-2020-29446 (Published)
- FE-7326 Local file disclosure / path traversal within WEB-INF in Crucible - CVE-2020-29446 (Published)
- FE-7388 CVE-2021-43957: Bypass for CVE-2020-29446 (Local file disclosure / path traversal within WEB-INF) (Published)
[CRUC-8524] CVE-2021-43957: Bypass for CVE-2020-29446 (Local file disclosure / path traversal within WEB-INF)
Labels | Original: CVE-2021-43957 advisory advisory-released dont-import release-48x release-490 security | New: CVE-2021-43957 advisory advisory-released dont-import release-48x security |
Labels | Original: CVE-2021-43957 advisory advisory-released dont-import release-490 security | New: CVE-2021-43957 advisory advisory-released dont-import release-48x release-490 security |
Labels | Original: CVE-2021-43957 advisory advisory-released dont-import security | New: CVE-2021-43957 advisory advisory-released dont-import release-490 security |
CVE ID | New: CVE-2021-43957 |
Resolution | New: Fixed [ 1 ] |
Security | Original: Atlassian Staff [ 10750 ] |
Status | Original: Draft [ 12872 ] | New: Published [ 12873 ] |
Labels | Original: CVE-2021-43957 advisory advisory-to-release dont-import security | New: CVE-2021-43957 advisory advisory-released dont-import security |
CVSS Score | Original: 5.3 | New: 5.8 |
Summary | Original: CVE-2021-43957: Bypass for CVE-2020-29446 | New: CVE-2021-43957: Bypass for CVE-2020-29446 (Local file disclosure / path traversal within WEB-INF) |