Path traversal Vulnerability in the review attachment resource - CVE-2017-16859

      The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within the context path of the running application through a path traversal vulnerability in the command parameter.

            [FE-7061] Path traversal Vulnerability in the review attachment resource - CVE-2017-16859

            Richard Atkins made changes -
            Labels Original: CVE-2017-16859 advisory advisory-released cvss-high path-traversal security New: CVE-2017-16859 advisory advisory-released cvss-high idor path-traversal security
            Owen made changes -
            Workflow Original: FE-CRUC Bug Workflow [ 2942976 ] New: JAC Bug Workflow v3 [ 2957994 ]
            Owen made changes -
            Workflow Original: FECRU Development Workflow - Triage - Restricted [ 2706144 ] New: FE-CRUC Bug Workflow [ 2942976 ]
            David Black made changes -
            Labels Original: CVE-2017-16859 advisory advisory-to-release cvss-high path-traversal security New: CVE-2017-16859 advisory advisory-released cvss-high path-traversal security
            David Black made changes -
            Labels Original: advisory advisory-to-release cvss-high path-traversal security New: CVE-2017-16859 advisory advisory-to-release cvss-high path-traversal security
            David Black made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Needs Triage [ 10030 ] New: Closed [ 6 ]
            David Black made changes -
            Fix Version/s New: 4.5.0 [ 71891 ]
            Fix Version/s New: 4.4.3 [ 73503 ]
            Fix Version/s New: 4.3.2 [ 67297 ]
            Fix Version/s Original: 4.3.2 [ 67298 ]
            Fix Version/s Original: 4.5.0 [ 72296 ]
            Fix Version/s Original: 4.4.3 [ 73502 ]
            Key Original: CRUC-8213 New: FE-7061
            Affects Version/s New: 4.4.1 [ 70801 ]
            Affects Version/s New: 4.2.1 [ 64120 ]
            Affects Version/s New: 3.2.0 [ 34893 ]
            Affects Version/s Original: 3.2.0 [ 35490 ]
            Affects Version/s Original: 4.2.1 [ 64617 ]
            Affects Version/s Original: 4.4.1 [ 70800 ]
            Project Original: Crucible [ 11771 ] New: FishEye [ 11830 ]
            David Black made changes -
            Link New: This issue is detailed by FECRU-7456 [ FECRU-7456 ]
            David Black made changes -
            Link New: This issue is cloned from CRUC-8212 [ CRUC-8212 ]
            David Black made changes -
            Epic Link New: FECRU-3837 [ 295209 ]
            David Black created issue -

              Unassigned Unassigned
              mtokarski@atlassian.com Marek Tokarski