Uploaded image for project: 'FishEye'
  1. FishEye
  2. FE-7336

A user-supplied regex in EyeQL causes ReDoS - CVE-2020-14190

XMLWordPrintable

      Affected version of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL.

      The affected versions are before version 4.8.4. 

      Affected versions:

      • version < 4.8.4

      Fixed versions:

      • 4.8.4
      • 4.9.0

            [FE-7336] A user-supplied regex in EyeQL causes ReDoS - CVE-2020-14190

            Marek Parfianowicz made changes -
            Labels Original: CVE-2020-14190 advisory advisory-to-release cvss-medium release-48x release-490 security New: CVE-2020-14190 advisory advisory-to-release cvss-medium release-48x security
            Marek Parfianowicz made changes -
            Labels Original: CVE-2020-14190 advisory advisory-to-release cvss-medium release-490 security New: CVE-2020-14190 advisory advisory-to-release cvss-medium release-48x release-490 security
            Marek Parfianowicz made changes -
            Labels Original: CVE-2020-14190 advisory advisory-to-release cvss-medium security New: CVE-2020-14190 advisory advisory-to-release cvss-medium release-490 security
            Marek Parfianowicz made changes -
            Fix Version/s Original: 4.9.0 [ 90694 ]
            AB made changes -
            Summary Original: A user-supplied regex in EyeQL causes ReDoS - CVE-PENDING New: A user-supplied regex in EyeQL causes ReDoS - CVE-2020-14190
            AB made changes -
            Labels Original: advisory advisory-to-release cve-in-progress cvss-medium security New: CVE-2020-14190 advisory advisory-to-release cvss-medium security
            AB made changes -
            Summary Original: A user-supplied regex in EyeQL causes ReDoS New: A user-supplied regex in EyeQL causes ReDoS - CVE-PENDING
            AB made changes -
            Description Original: Affected version of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL.

            The affected versions are before version 4.8.4. 

            CVE Pending.

            *Affected versions:*
             * version < 4.8.4

            *Fixed versions:*
             * 4.8.4
             * 4.9.0             		New: Affected version of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL.

            The affected versions are before version 4.8.4. 

            *Affected versions:*
             * version < 4.8.4

            *Fixed versions:*
             * 4.8.4
             * 4.9.0
            David Black made changes -
            Description Original: Affected version of Atlassian FishEye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL.

            The affected versions are before version 4.8.4. 

            CVE Pending.

            *Affected versions:*
             * version < 4.8.4

            *Fixed versions:*
             * 4.8.4
             * 4.9.0             		New: Affected version of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL.

            The affected versions are before version 4.8.4. 

            CVE Pending.

            *Affected versions:*
             * version < 4.8.4

            *Fixed versions:*
             * 4.8.4
             * 4.9.0
            David Black made changes -
            Labels Original: advisory cve-in-progress cvss-medium security New: advisory advisory-to-release cve-in-progress cvss-medium security

              Unassigned Unassigned
              4497831d53ee Robin Sim
              Affected customers:
              0 This affects my team
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: