
FishEye privilege escalation vulnerability

      We have identified and fixed a vulnerability in FishEye and Crucible that results from the behaviour of certain third-party frameworks used in FishEye and Crucible. This vulnerability allows any attacker to:

      • Set the FishEye and Crucible instance to allow anonymous access
      • Set the FishEye and Crucible instance to allow anonymous signup

      All versions of FishEye and Crucible up to and including 2.7.14 are affected by this vulnerability. The vulnerability is fixed in FishEye and/or Crucible 2.8.0 and later.

      Details of this vulnerability are available in the advisory at https://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-08-21 and https://confluence.atlassian.com/display/CRUCIBLE/FishEye+and+Crucible+Security+Advisory+2012-08-21

            [FE-4222] FishEye privilege escalation vulnerability

            Nick added a comment -

            Set correct fix versions

              vosipov VitalyA
              pwatson paulwatson (Inactive)