Vulnerabilities > Atlassian > Crucible
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-25 | CVE-2020-14190 | Resource Exhaustion vulnerability in Atlassian Crucible Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. | 7.5 |
| 2020-11-25 | CVE-2020-14191 | Unspecified vulnerability in Atlassian Crucible Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. | 7.5 |
| 2020-06-01 | CVE-2020-4023 | Cross-site Scripting vulnerability in Atlassian Crucible The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the committerFilter parameter. | 5.4 |
| 2020-06-01 | CVE-2020-4018 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Crucible The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability. | 8.8 |
| 2020-06-01 | CVE-2020-4017 | Unspecified vulnerability in Atlassian Crucible The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability. | 5.3 |
| 2020-06-01 | CVE-2020-4016 | Unspecified vulnerability in Atlassian Crucible The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability. | 5.3 |
| 2020-06-01 | CVE-2020-4015 | Unspecified vulnerability in Atlassian Crucible The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user email addresses via a information disclosure vulnerability. | 4.3 |
| 2020-06-01 | CVE-2020-4014 | Unspecified vulnerability in Atlassian Crucible The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authorization vulnerability. | 4.3 |
| 2020-06-01 | CVE-2020-4013 | Cross-site Scripting vulnerability in Atlassian Crucible The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives. | 5.4 |
| 2019-12-11 | CVE-2019-15009 | Unspecified vulnerability in Atlassian Crucible The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability. | 4.3 |