Vulnerabilities > Atlassian > Fisheye > 4.6.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-16 | CVE-2021-43955 | Unspecified vulnerability in Atlassian Crucible The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via information disclosure vulnerability. | 4.3 |
2022-03-16 | CVE-2021-43956 | Unspecified vulnerability in Atlassian Crucible The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability. network atlassian | 4.3 |
2022-03-16 | CVE-2021-43957 | Authorization Bypass Through User-Controlled Key vulnerability in Atlassian Crucible Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. | 5.0 |
2022-03-16 | CVE-2021-43958 | Improper Restriction of Excessive Authentication Attempts vulnerability in Atlassian Crucible Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing user credentials for authentication via a improper restriction of excess authentication attempts vulnerability. | 7.5 |
2022-03-14 | CVE-2021-43954 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Crucible The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability. | 4.0 |
2021-02-02 | CVE-2020-14192 | Information Exposure vulnerability in Atlassian Crucible Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. | 4.0 |
2021-01-18 | CVE-2020-29446 | Information Exposure vulnerability in Atlassian Crucible Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. | 5.0 |
2020-11-25 | CVE-2020-14190 | Missing Authorization vulnerability in Atlassian Crucible Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. | 5.0 |
2020-11-25 | CVE-2020-14191 | Missing Authorization vulnerability in Atlassian Crucible Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. | 5.0 |
2020-08-05 | CVE-2017-18112 | Information Exposure vulnerability in Atlassian Fisheye Affected versions of Atlassian Fisheye allow remote attackers to view the HTTP password of a repository via an Information Disclosure vulnerability in the logging feature. | 4.0 |