Vulnerabilities > Atlassian > Crucible > 4.7.4

DATE CVE VULNERABILITY TITLE RISK
2020-06-01 CVE-2020-4016 Information Exposure vulnerability in Atlassian Crucible
The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability.
network
low complexity
atlassian CWE-200
5.0
5.0
2020-06-01 CVE-2020-4015 Information Exposure vulnerability in Atlassian Crucible
The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user email addresses via a information disclosure vulnerability.
network
low complexity
atlassian CWE-200
4.0
4.0
2020-06-01 CVE-2020-4014 Incorrect Authorization vulnerability in Atlassian Crucible
The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authorization vulnerability.
network
low complexity
atlassian CWE-863
4.0
4.0