Uploaded image for project: 'FishEye'
  1. FishEye
  2. FE-6996

Missing permission check in review coverage REST endpoint - CVE-2017-18035

XMLWordPrintable

      The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it.

      Affected versions:

      Older than 4.5.1

      Fix versions:

      4.5.1, 4.6.0

            Unassigned Unassigned
            aslaski Adam Slaski
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: