Uploaded image for project: 'FishEye'
  1. FishEye
  2. FE-6892

mostActiveCommitters.do lacks permission checks - CVE-2017-9512

      The mostActiveCommitters.do resource in Atlassian FishEye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks.

            [FE-6892] mostActiveCommitters.do lacks permission checks - CVE-2017-9512

            CVSS v3 score: 5.3 => Medium severity

            Exploitability Metrics

            Attack Vector Network
            Attack Complexity Low
            Privileges Required None
            User Interaction None

            Scope Metric

            Scope Unchanged

            Impact Metrics

            Confidentiality Low
            Integrity None
            Availability None

            See http://go.atlassian.com/cvss for more details.

            https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

            David Black added a comment - CVSS v3 score: 5.3 => Medium severity Exploitability Metrics Attack Vector Network Attack Complexity Low Privileges Required None User Interaction None Scope Metric Scope Unchanged Impact Metrics Confidentiality Low Integrity None Availability None See http://go.atlassian.com/cvss for more details. https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

              Unassigned Unassigned
              pswiecicki Piotr Swiecicki
              Affected customers:
              0 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: