mostActiveCommitters.do lacks permission checks - CVE-2017-9512

XMLWordPrintable

    • Severity 3 - Minor

      The mostActiveCommitters.do resource in Atlassian FishEye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks.

              Assignee:
              Unassigned
              Reporter:
              Piotr Swiecicki
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: