Details
-
Type:
Public Security Vulnerability
-
Status: Published (View Workflow)
-
Priority:
Low
-
Resolution: Fixed
-
Affects Version/s: 4.8.4
-
Fix Version/s: 4.8.5
-
Component/s: None
-
CVSS Score:5
-
CVSS Severity:Medium
Description
Affected versions of Atlassian Dev Tools allow remote attackers
to browse local files via an Insecure Direct Object References (IDOR) vulnerability in WEB-INF in Fisheye/Crucible.
The affected versions are before version 4.8.5.
Affected versions:
- version < 4.8.5
Fixed versions:
- 4.8.5
- 4.9.0
Attachments
Issue Links
- is related to
-
CRUC-8496 Local file disclosure / path traversal within WEB-INF in Crucible - CVE-2020-29446
-
- Published
-