Details
-
Bug
-
Resolution: Fixed
-
Low
-
None
-
None
-
Severity 3 - Minor
-
Description
The mostActiveCommitters.do resource in Atlassian FishEye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks.
Attachments
Issue Links
- was cloned as
-
CRUC-8053 mostActiveCommitters.do lacks permission checks - CVE-2017-9512
- Closed