Vulnerabilities > Atlassian > Crucible > 4.7.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-01 | CVE-2020-4016 | Information Exposure vulnerability in Atlassian Crucible The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability. | 5.0 |
2020-06-01 | CVE-2020-4015 | Information Exposure vulnerability in Atlassian Crucible The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user email addresses via a information disclosure vulnerability. | 4.0 |
2020-06-01 | CVE-2020-4014 | Incorrect Authorization vulnerability in Atlassian Crucible The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authorization vulnerability. | 4.0 |