Uploaded image for project: 'FishEye'
  1. FishEye
  2. FE-6996

Missing permission check in review coverage REST endpoint - CVE-2017-18035

    Details

    • Symptom Severity:
      Minor

      Description

      The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it.

      Affected versions:

      Older than 4.5.1

      Fix versions:

      4.5.1, 4.6.0

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                aslaski Adam Slaski
                Participants:
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Last commented:
                  17 weeks, 4 days ago