[FE-7284] Security misconfiguration in the /json/fe/activeUserFinder.do resource - CVE-2020-4015 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 4.8.1
Affects Version/s: 4.8.0
Component/s: User management
Labels:

Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user email addresses via a security misconfiguration.

is related to

CRUC-8468 Security misconfiguration in the /json/fe/activeUserFinder.do resource - CVE-2020-4015

Closed

Marek Parfianowicz made changes - 09/Nov/2023 9:44 AM

Labels

Original: advisory advisory-released bugbounty cve-2020-4015 cvss-medium release-48x release-490 security security-misconfiguration

New: advisory advisory-released bugbounty cve-2020-4015 cvss-medium release-48x security security-misconfiguration

Marek Parfianowicz made changes - 09/Nov/2023 9:43 AM

Labels

Original: advisory advisory-released bugbounty cve-2020-4015 cvss-medium release-490 security security-misconfiguration

New: advisory advisory-released bugbounty cve-2020-4015 cvss-medium release-48x release-490 security security-misconfiguration

Marek Parfianowicz made changes - 09/May/2023 5:48 PM

Labels

Original: advisory advisory-released bugbounty cve-2020-4015 cvss-medium security security-misconfiguration

New: advisory advisory-released bugbounty cve-2020-4015 cvss-medium release-490 security security-misconfiguration

Marek Parfianowicz made changes - 16/Mar/2021 11:17 AM

Fix Version/s

Original: 4.9.0 [ 90694 ]

Erin Jensby made changes - 22/Apr/2020 3:19 PM

Labels

Original: advisory advisory-to-release bugbounty cve-2020-4015 cvss-medium security security-misconfiguration

New: advisory advisory-released bugbounty cve-2020-4015 cvss-medium security security-misconfiguration

David Black made changes - 17/Apr/2020 2:40 AM

Due Date

Original: 16/Jul/2020

David Black made changes - 17/Apr/2020 2:40 AM

Resolution		New: Fixed [ 1 ]
Status	Original: Closed [ 6 ]	New: Closed [ 6 ]

Security Metrics Bot made changes - 16/Apr/2020 8:11 PM

Due Date

New: 16/Jul/2020

Erin Jensby made changes - 16/Apr/2020 7:29 PM

Labels

Original: advisory advisory-to-release bugbounty cvss-medium security security-misconfiguration

New: advisory advisory-to-release bugbounty cve-2020-4015 cvss-medium security security-misconfiguration

Erin Jensby made changes - 16/Apr/2020 7:28 PM

Description

Original: Component in Atlassian Fisheye Crucible Development before version 4.8.1, 4.9.0 allows remote attackers to IMPACT via a VULN_INFO.

New: The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user email addresses via a security misconfiguration.

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Affected customers:: 0 This affects my team

Watchers:: 0 Start watching this issue

Created:: 16/Apr/2020 7:26 PM

Updated:: 09/Nov/2023 9:44 AM

Resolved:: 17/Apr/2020 2:40 AM

Details

Description

Attachments

Issue Links

Forms

Activity

[FE-7284] Security misconfiguration in the /json/fe/activeUserFinder.do resource - CVE-2020-4015

People

Dates