[FE-7326] Local file disclosure / path traversal within WEB-INF in Crucible - CVE-2020-29446 - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Public Security Vulnerability
Status: Published (View Workflow)
Priority: Low
Resolution: Fixed
Affects Version/s: 4.8.4
Fix Version/s: 4.8.5
Component/s: None
Labels:

CVSS Score:
5
CVSS Severity:
Medium

Description

Affected versions of Atlassian Dev Tools allow remote attackers
to browse local files via an Insecure Direct Object References (IDOR) vulnerability in WEB-INF in Fisheye/Crucible.

The affected versions are before version 4.8.5.

Affected versions:

version < 4.8.5

Fixed versions:

4.8.5
4.9.0

Attachments

Issue Links

is related to

CRUC-8496 Local file disclosure / path traversal within WEB-INF in Crucible - CVE-2020-29446

Published

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 28/Oct/2020 5:45 PM

Updated:: 16/Mar/2021 11:08 AM

Resolved:: 18/Jan/2021 1:32 AM