Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fisheye
(Atlassian)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 51 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-06-01 | CVE-2020-4015 | The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user email addresses via a information disclosure vulnerability. | Crucible, Fisheye | 4.3 | ||
| 2020-06-01 | CVE-2020-4016 | The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability. | Crucible, Fisheye | 5.3 | ||
| 2020-06-01 | CVE-2020-4017 | The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability. | Crucible, Fisheye | 5.3 | ||
| 2020-11-25 | CVE-2020-14191 | Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4. | Crucible, Fisheye | 7.5 | ||
| 2020-11-25 | CVE-2020-14190 | Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4. | Crucible, Fisheye | 7.5 | ||
| 2021-01-18 | CVE-2020-29446 | Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5. | Crucible, Fisheye | 5.3 | ||
| 2021-02-02 | CVE-2020-14192 | Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4. | Crucible, Fisheye | 4.3 | ||
| 2017-08-24 | CVE-2017-9512 | The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks. | Crucible, Fisheye | 7.5 | ||
| 2017-08-24 | CVE-2017-9511 | The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system. | Crucible, Fisheye | 7.5 | ||
| 2017-08-24 | CVE-2017-9510 | The repository changelog resource in Atlassian Fisheye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters. | Fisheye | 5.4 |