[FE-6891] Anonymous local file system access on Windows OS - CVE-2017-9511

The MultiPathResource class in Atlassian FishEye and Crucible before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when FishEye or Crucible is running on the Microsoft Windows operating system.

Workaround

Create a $FISHEYE_INST\content directory, which can be empty but must exist.

Note: This only affects Windows versions.
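The workaround above can be applied and verified with a short PowerShell script. This is an added example, not Atlassian's code; it assumes FISHEYE_INST is set as an environment variable for the account running it, or that the instance directory is passed with the hypothetical -InstanceDir parameter.

```powershell
# Added example, not Atlassian's code. Assumes FISHEYE_INST is available as an
# environment variable, or that the instance directory is passed with -InstanceDir
# (a parameter name chosen for this example).
param(
    [string]$InstanceDir = $env:FISHEYE_INST
)

$ErrorActionPreference = 'Stop'

if ([string]::IsNullOrWhiteSpace($InstanceDir)) {
    throw 'FISHEYE_INST is not set; pass the instance directory with -InstanceDir.'
}
if (-not (Test-Path -LiteralPath $InstanceDir -PathType Container)) {
    throw "Instance directory not found: $InstanceDir"
}

$content = Join-Path -Path $InstanceDir -ChildPath 'content'

if (Test-Path -LiteralPath $content -PathType Leaf) {
    # The workaround calls for a directory; a file with this name is not one.
    throw "$content exists but is a file, not a directory."
}

if (Test-Path -LiteralPath $content -PathType Container) {
    Write-Output "OK: $content already exists."
} else {
    # The directory may stay empty; per the workaround it only has to exist.
    New-Item -ItemType Directory -Path $content | Out-Null
    Write-Output "Created: $content"
}
```

Running the script again after upgrades or instance moves confirms the directory is still present.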


              Unassigned Unassigned
              pswiecicki Piotr Swiecicki