Vulnerabilities > Atlassian > Crucible > 2.4.1

DATE CVE VULNERABILITY TITLE RISK
2019-11-08 CVE-2019-15005 Missing Authorization vulnerability in Atlassian products
The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check.
network
low complexity
atlassian CWE-862
4.0
4.0
2019-04-30 CVE-2018-20239 Cross-site Scripting vulnerability in Atlassian products
Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter.
network
atlassian CWE-79
3.5
3.5
2019-02-20 CVE-2018-20241 Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye
The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter.
network
atlassian CWE-79
3.5
3.5
2019-02-20 CVE-2018-20240 Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye
The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter.
network
atlassian CWE-79
3.5
3.5
2018-10-16 CVE-2018-13399 Incorrect Permission Assignment for Critical Resource vulnerability in Atlassian Crucible and Fisheye
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
local
low complexity
atlassian CWE-732
4.6
4.6
2018-09-18 CVE-2018-13398 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Crucible and Fisheye
The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability.
network
atlassian CWE-352
4.3
4.3
2018-08-13 CVE-2018-13392 Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye
Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys.
network
atlassian CWE-79
4.3
4.3
2018-07-10 CVE-2018-13388 Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye
The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files.
network
atlassian CWE-79
3.5
3.5
2018-06-28 CVE-2017-16859 Path Traversal vulnerability in Atlassian Crucible and Fisheye
The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command parameter.
network
low complexity
atlassian CWE-22
4.0
4.0
2018-04-24 CVE-2018-5228 Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye
The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the handling of response headers.
network
atlassian CWE-79
4.3
4.3