Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 2.10.8, 3.1.6, 3.2.0
Affects Version/s: None
Component/s: None
Labels:
- advisory
- security

Bug Fix Policy:
View Atlassian Server bug fix policy

We have identified and fixed a vulnerability in FishEye which allowed unauthenticated users to commit actions on behalf of any other authorised user. In order to exploit this vulnerability, an attacker requires access to your FishEye web interface.

FishEye server is only vulnerable if it has been configured to be a part of an Application link with Trusted Applications authentication.

The vulnerability affects all supported versions of FishEye up to and including 3.1.5. It has been fixed in 3.2.0, 3.1.6 and 2.10.8.

For more information, see our security advisory.

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(11 mentioned in)

Assignee:: Unassigned

Reporter:: Renan Battaglin

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 21/Nov/2013 5:14 AM

Updated:: 25/Oct/2018 9:33 AM

Resolved:: 26/Feb/2014 11:24 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates