Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-03-16	CVE-2021-43955	Unspecified vulnerability in Atlassian Crucible The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via information disclosure vulnerability. network low complexity atlassian	4.3
2022-03-16	CVE-2021-43956	Unspecified vulnerability in Atlassian Crucible The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability. network low complexity atlassian	6.1
2022-03-14	CVE-2021-43954	Server-Side Request Forgery (SSRF) vulnerability in Atlassian Crucible The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability. network low complexity atlassian CWE-918	4.3
2021-02-02	CVE-2020-14192	Information Exposure vulnerability in Atlassian Crucible Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. network low complexity atlassian CWE-200	4.3
2021-01-18	CVE-2020-29446	Authorization Bypass Through User-Controlled Key vulnerability in Atlassian Crucible Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. network low complexity atlassian CWE-639	5.3
2020-12-21	CVE-2020-29447	Unrestricted Upload of File with Dangerous Type vulnerability in Atlassian Crucible Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. network low complexity atlassian CWE-434	4.3
2020-06-01	CVE-2020-4023	Cross-site Scripting vulnerability in Atlassian Crucible The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the committerFilter parameter. network low complexity atlassian CWE-79	5.4
2020-06-01	CVE-2020-4017	Unspecified vulnerability in Atlassian Crucible The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability. network low complexity atlassian	5.3
2020-06-01	CVE-2020-4016	Unspecified vulnerability in Atlassian Crucible The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability. network low complexity atlassian	5.3
2020-06-01	CVE-2020-4015	Unspecified vulnerability in Atlassian Crucible The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user email addresses via a information disclosure vulnerability. network low complexity atlassian	4.3