-
Bug
-
Resolution: Fixed
-
Low
-
None
-
None
-
Severity 3 - Minor
-
The mostActiveCommitters.do resource in Atlassian FishEye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks.
- was cloned as
-
CRUC-8053 mostActiveCommitters.do lacks permission checks - CVE-2017-9512
-
- Closed
-
CVSS v3 score: 5.3 => Medium severity
Exploitability Metrics
Scope Metric
Impact Metrics
See http://go.atlassian.com/cvss for more details.
https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N