Loading...

XML

Word

Printable

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low
Fix Version/s: 4.8.9
Affects Version/s: 4.8.8
Component/s: None
Labels:

CVSS Score:
5.8
CVSS Severity:
Medium
CVE ID:
CVE-2021-43957

Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9.

Affected versions:

version < 4.8.9

Fixed versions:

4.8.9

is related to

CRUC-8496 Local file disclosure / path traversal within WEB-INF in Crucible - CVE-2020-29446

Published

FE-7326 Local file disclosure / path traversal within WEB-INF in Crucible - CVE-2020-29446

Published

relates to

CRUC-8524 CVE-2021-43957: Bypass for CVE-2020-29446 (Local file disclosure / path traversal within WEB-INF)

Published

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 07/Mar/2022 8:02 AM

Updated:: 09/Nov/2023 9:44 AM

Resolved:: 14/Mar/2022 5:11 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates