Uploaded image for project: 'FishEye'
  1. FishEye
  2. FE-7105

Weak permissions on the installation directory - CVE-2018-13399

XMLWordPrintable

      The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.

            [FE-7105] Weak permissions on the installation directory - CVE-2018-13399

            Marek Parfianowicz made changes -
            Link New: This issue supersedes FE-7216 [ FE-7216 ]
            Marek Parfianowicz made changes -
            Fix Version/s Original: 4.7.0 [ 81794 ]
            Owen made changes -
            Workflow Original: FE-CRUC Bug Workflow [ 2945180 ] New: JAC Bug Workflow v3 [ 2957472 ]
            Owen made changes -
            Workflow Original: FECRU Development Workflow - Triage - Restricted [ 2859989 ] New: FE-CRUC Bug Workflow [ 2945180 ]
            David Black made changes -
            Labels Original: CVE-2018-13399 advisory advisory-to-release basm bugbounty cvss-medium privesc security New: CVE-2018-13399 advisory advisory-released basm bugbounty cvss-medium privesc security
            David Black made changes -
            Security Original: Reporter and Atlassian Staff [ 10751 ]
            Sebastian Pacuk (Inactive) made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Open [ 1 ] New: Closed [ 6 ]
            Security Metrics Bot made changes -
            Due Date New: 23/Nov/2018
            Marek Tokarski made changes -
            Resolution Original: Fixed [ 1 ]
            Status Original: Closed [ 6 ] New: Open [ 1 ]
            David Black made changes -
            Description Original: The Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. New: The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Affected customers:
              0 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: