Vulnerabilities > Atlassian > Crucible > 3.6.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-01 | CVE-2020-4023 | Cross-site Scripting vulnerability in Atlassian Crucible The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the committerFilter parameter. | 4.3 |
| 2020-06-01 | CVE-2020-4018 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Crucible The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability. | 6.8 |
| 2020-06-01 | CVE-2020-4017 | Information Exposure vulnerability in Atlassian Crucible The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability. | 5.0 |
| 2020-06-01 | CVE-2020-4016 | Information Exposure vulnerability in Atlassian Crucible The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability. | 5.0 |
| 2020-06-01 | CVE-2020-4015 | Information Exposure vulnerability in Atlassian Crucible The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user email addresses via a information disclosure vulnerability. | 4.0 |
| 2020-06-01 | CVE-2020-4014 | Incorrect Authorization vulnerability in Atlassian Crucible The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authorization vulnerability. | 4.0 |
| 2020-06-01 | CVE-2020-4013 | Cross-site Scripting vulnerability in Atlassian Crucible The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives. | 3.5 |
| 2019-12-11 | CVE-2019-15009 | Unspecified vulnerability in Atlassian Crucible The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability. | 4.0 |
| 2019-12-11 | CVE-2019-15008 | Cross-site Scripting vulnerability in Atlassian Crucible The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter. | 4.3 |
| 2019-12-11 | CVE-2019-15007 | Cross-site Scripting vulnerability in Atlassian Crucible The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch. | 3.5 |