Uploaded image for project: 'FishEye'
  1. FishEye
  2. FE-5208

Administrator password reset

XMLWordPrintable

      An unauthenticated user is able to set the admin password of FishEye to any value, gaining admin access to the FishEye instance as a result.

      The vulnerability affects FishEye version 3.x. Versions earlier than 3.0 are not vulnerable. The vulnerability has been fixed in recent releases 3.0.4, 3.1.7, 3.2.5, 3.3.4, 3.4.4, 3.5.0.

      For additional details see the full advisory

            cmacneill Conor
            vosipov VitalyA
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: