Search criteria
10 vulnerabilities found for Atlassian Fisheye and Crucible by Atlassian
CVE-2017-14588 (GCVE-0-2017-14588)
Vulnerability from nvd – Published: 2017-10-11 18:00 – Updated: 2024-10-15 19:14
VLAI
Summary
Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Cross Site Scripting (XSS)
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/101268 | vdb-entryx_refsource_BID |
| https://jira.atlassian.com/browse/FE-6935 | x_refsource_MISC |
| https://jira.atlassian.com/browse/CRUC-8113 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Atlassian Fisheye and Crucible |
Affected:
All versions prior to version 4.4.2
|
Date Public
2017-10-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:39.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101268",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101268"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/FE-6935"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CRUC-8113"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-14588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T19:14:27.079452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:14:38.109Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Atlassian Fisheye and Crucible",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.4.2"
}
]
}
],
"datePublic": "2017-10-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-25T13:56:32.000Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"name": "101268",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101268"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/FE-6935"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/CRUC-8113"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2017-10-10T00:00:00",
"ID": "CVE-2017-14588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Atlassian Fisheye and Crucible",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.4.2"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101268",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101268"
},
{
"name": "https://jira.atlassian.com/browse/FE-6935",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/FE-6935"
},
{
"name": "https://jira.atlassian.com/browse/CRUC-8113",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CRUC-8113"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2017-14588",
"datePublished": "2017-10-11T18:00:00.000Z",
"dateReserved": "2017-09-19T00:00:00.000Z",
"dateUpdated": "2024-10-15T19:14:38.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14587 (GCVE-0-2017-14587)
Vulnerability from nvd – Published: 2017-10-11 18:00 – Updated: 2024-09-17 01:55
VLAI
Summary
The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter.
Severity
No CVSS data available.
CWE
- Cross Site Scripting (XSS)
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/101266 | vdb-entryx_refsource_BID |
| https://jira.atlassian.com/browse/CRUC-8112 | x_refsource_MISC |
| https://jira.atlassian.com/browse/FE-6933 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Atlassian Fisheye and Crucible |
Affected:
All versions prior to version 4.4.2
|
Date Public
2017-10-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:38.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101266",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101266"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CRUC-8112"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/FE-6933"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Atlassian Fisheye and Crucible",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.4.2"
}
]
}
],
"datePublic": "2017-10-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-25T13:56:32.000Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"name": "101266",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101266"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/CRUC-8112"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/FE-6933"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2017-10-10T00:00:00",
"ID": "CVE-2017-14587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Atlassian Fisheye and Crucible",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.4.2"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101266",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101266"
},
{
"name": "https://jira.atlassian.com/browse/CRUC-8112",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CRUC-8112"
},
{
"name": "https://jira.atlassian.com/browse/FE-6933",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/FE-6933"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2017-14587",
"datePublished": "2017-10-11T18:00:00.000Z",
"dateReserved": "2017-09-19T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:55:33.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9511 (GCVE-0-2017-9511)
Vulnerability from nvd – Published: 2017-08-24 18:00 – Updated: 2024-10-15 19:18
VLAI
Summary
The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Path Traversal
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jira.atlassian.com/browse/CRUC-8049 | x_refsource_MISC |
| https://jira.atlassian.com/browse/FE-6891 | x_refsource_MISC |
Impacted products
3 products
Date Public
2017-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:11:01.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CRUC-8049"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/FE-6891"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fisheye",
"vendor": "atlassian",
"versions": [
{
"lessThan": "4.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "crucible",
"vendor": "atlassian",
"versions": [
{
"lessThan": "4.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2017-9511",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T19:16:41.216703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:18:49.770Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Atlassian Fisheye and Crucible",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.4.1"
}
]
}
],
"datePublic": "2017-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-25T13:56:32.000Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/CRUC-8049"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/FE-6891"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2017-07-17T00:00:00",
"ID": "CVE-2017-9511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Atlassian Fisheye and Crucible",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.4.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/CRUC-8049",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CRUC-8049"
},
{
"name": "https://jira.atlassian.com/browse/FE-6891",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/FE-6891"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2017-9511",
"datePublished": "2017-08-24T18:00:00.000Z",
"dateReserved": "2017-06-07T00:00:00.000Z",
"dateUpdated": "2024-10-15T19:18:49.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9512 (GCVE-0-2017-9512)
Vulnerability from nvd – Published: 2017-08-24 17:00 – Updated: 2024-10-16 14:05
VLAI
Summary
The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Improper Access Control
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jira.atlassian.com/browse/CRUC-8053 | x_refsource_MISC |
| https://jira.atlassian.com/browse/FE-6892 | x_refsource_MISC |
Impacted products
3 products
Date Public
2017-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:11:01.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CRUC-8053"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/FE-6892"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fisheye",
"vendor": "atlassian",
"versions": [
{
"lessThan": "4.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "crucible",
"vendor": "atlassian",
"versions": [
{
"lessThan": "4.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2017-9512",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T14:03:50.713684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T14:05:19.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Atlassian Fisheye and Crucible",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.4.1"
}
]
}
],
"datePublic": "2017-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-25T13:56:32.000Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/CRUC-8053"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/FE-6892"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2017-07-17T00:00:00",
"ID": "CVE-2017-9512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Atlassian Fisheye and Crucible",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.4.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/CRUC-8053",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CRUC-8053"
},
{
"name": "https://jira.atlassian.com/browse/FE-6892",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/FE-6892"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2017-9512",
"datePublished": "2017-08-24T17:00:00.000Z",
"dateReserved": "2017-06-07T00:00:00.000Z",
"dateUpdated": "2024-10-16T14:05:19.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9508 (GCVE-0-2017-9508)
Vulnerability from nvd – Published: 2017-08-24 17:00 – Updated: 2024-10-15 19:23
VLAI
Summary
Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Cross Site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jira.atlassian.com/browse/CRUC-8044 | x_refsource_MISC |
| https://jira.atlassian.com/browse/FE-6898 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Atlassian Fisheye and Crucible |
Affected:
All versions prior to version 4.4.1
|
Date Public
2017-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:11:01.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CRUC-8044"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/FE-6898"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-9508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T19:23:11.170253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:23:22.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Atlassian Fisheye and Crucible",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.4.1"
}
]
}
],
"datePublic": "2017-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-25T13:56:32.000Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/CRUC-8044"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/FE-6898"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2017-07-17T00:00:00",
"ID": "CVE-2017-9508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Atlassian Fisheye and Crucible",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.4.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/CRUC-8044",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CRUC-8044"
},
{
"name": "https://jira.atlassian.com/browse/FE-6898",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/FE-6898"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2017-9508",
"datePublished": "2017-08-24T17:00:00.000Z",
"dateReserved": "2017-06-07T00:00:00.000Z",
"dateUpdated": "2024-10-15T19:23:22.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14588 (GCVE-0-2017-14588)
Vulnerability from cvelistv5 – Published: 2017-10-11 18:00 – Updated: 2024-10-15 19:14
VLAI
Summary
Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Cross Site Scripting (XSS)
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/101268 | vdb-entryx_refsource_BID |
| https://jira.atlassian.com/browse/FE-6935 | x_refsource_MISC |
| https://jira.atlassian.com/browse/CRUC-8113 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Atlassian Fisheye and Crucible |
Affected:
All versions prior to version 4.4.2
|
Date Public
2017-10-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:39.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101268",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101268"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/FE-6935"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CRUC-8113"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-14588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T19:14:27.079452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:14:38.109Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Atlassian Fisheye and Crucible",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.4.2"
}
]
}
],
"datePublic": "2017-10-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-25T13:56:32.000Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"name": "101268",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101268"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/FE-6935"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/CRUC-8113"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2017-10-10T00:00:00",
"ID": "CVE-2017-14588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Atlassian Fisheye and Crucible",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.4.2"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101268",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101268"
},
{
"name": "https://jira.atlassian.com/browse/FE-6935",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/FE-6935"
},
{
"name": "https://jira.atlassian.com/browse/CRUC-8113",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CRUC-8113"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2017-14588",
"datePublished": "2017-10-11T18:00:00.000Z",
"dateReserved": "2017-09-19T00:00:00.000Z",
"dateUpdated": "2024-10-15T19:14:38.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14587 (GCVE-0-2017-14587)
Vulnerability from cvelistv5 – Published: 2017-10-11 18:00 – Updated: 2024-09-17 01:55
VLAI
Summary
The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter.
Severity
No CVSS data available.
CWE
- Cross Site Scripting (XSS)
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/101266 | vdb-entryx_refsource_BID |
| https://jira.atlassian.com/browse/CRUC-8112 | x_refsource_MISC |
| https://jira.atlassian.com/browse/FE-6933 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Atlassian Fisheye and Crucible |
Affected:
All versions prior to version 4.4.2
|
Date Public
2017-10-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:38.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101266",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101266"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CRUC-8112"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/FE-6933"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Atlassian Fisheye and Crucible",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.4.2"
}
]
}
],
"datePublic": "2017-10-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-25T13:56:32.000Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"name": "101266",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101266"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/CRUC-8112"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/FE-6933"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2017-10-10T00:00:00",
"ID": "CVE-2017-14587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Atlassian Fisheye and Crucible",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.4.2"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101266",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101266"
},
{
"name": "https://jira.atlassian.com/browse/CRUC-8112",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CRUC-8112"
},
{
"name": "https://jira.atlassian.com/browse/FE-6933",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/FE-6933"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2017-14587",
"datePublished": "2017-10-11T18:00:00.000Z",
"dateReserved": "2017-09-19T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:55:33.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9511 (GCVE-0-2017-9511)
Vulnerability from cvelistv5 – Published: 2017-08-24 18:00 – Updated: 2024-10-15 19:18
VLAI
Summary
The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Path Traversal
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jira.atlassian.com/browse/CRUC-8049 | x_refsource_MISC |
| https://jira.atlassian.com/browse/FE-6891 | x_refsource_MISC |
Impacted products
3 products
Date Public
2017-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:11:01.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CRUC-8049"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/FE-6891"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fisheye",
"vendor": "atlassian",
"versions": [
{
"lessThan": "4.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "crucible",
"vendor": "atlassian",
"versions": [
{
"lessThan": "4.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2017-9511",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T19:16:41.216703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:18:49.770Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Atlassian Fisheye and Crucible",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.4.1"
}
]
}
],
"datePublic": "2017-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-25T13:56:32.000Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/CRUC-8049"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/FE-6891"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2017-07-17T00:00:00",
"ID": "CVE-2017-9511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Atlassian Fisheye and Crucible",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.4.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/CRUC-8049",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CRUC-8049"
},
{
"name": "https://jira.atlassian.com/browse/FE-6891",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/FE-6891"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2017-9511",
"datePublished": "2017-08-24T18:00:00.000Z",
"dateReserved": "2017-06-07T00:00:00.000Z",
"dateUpdated": "2024-10-15T19:18:49.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9508 (GCVE-0-2017-9508)
Vulnerability from cvelistv5 – Published: 2017-08-24 17:00 – Updated: 2024-10-15 19:23
VLAI
Summary
Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Cross Site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jira.atlassian.com/browse/CRUC-8044 | x_refsource_MISC |
| https://jira.atlassian.com/browse/FE-6898 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Atlassian Fisheye and Crucible |
Affected:
All versions prior to version 4.4.1
|
Date Public
2017-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:11:01.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CRUC-8044"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/FE-6898"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-9508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T19:23:11.170253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:23:22.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Atlassian Fisheye and Crucible",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.4.1"
}
]
}
],
"datePublic": "2017-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-25T13:56:32.000Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/CRUC-8044"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/FE-6898"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2017-07-17T00:00:00",
"ID": "CVE-2017-9508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Atlassian Fisheye and Crucible",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.4.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/CRUC-8044",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CRUC-8044"
},
{
"name": "https://jira.atlassian.com/browse/FE-6898",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/FE-6898"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2017-9508",
"datePublished": "2017-08-24T17:00:00.000Z",
"dateReserved": "2017-06-07T00:00:00.000Z",
"dateUpdated": "2024-10-15T19:23:22.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9512 (GCVE-0-2017-9512)
Vulnerability from cvelistv5 – Published: 2017-08-24 17:00 – Updated: 2024-10-16 14:05
VLAI
Summary
The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Improper Access Control
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jira.atlassian.com/browse/CRUC-8053 | x_refsource_MISC |
| https://jira.atlassian.com/browse/FE-6892 | x_refsource_MISC |
Impacted products
3 products
Date Public
2017-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:11:01.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CRUC-8053"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/FE-6892"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fisheye",
"vendor": "atlassian",
"versions": [
{
"lessThan": "4.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "crucible",
"vendor": "atlassian",
"versions": [
{
"lessThan": "4.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2017-9512",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T14:03:50.713684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T14:05:19.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Atlassian Fisheye and Crucible",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.4.1"
}
]
}
],
"datePublic": "2017-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-25T13:56:32.000Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/CRUC-8053"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/FE-6892"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2017-07-17T00:00:00",
"ID": "CVE-2017-9512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Atlassian Fisheye and Crucible",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.4.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/CRUC-8053",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CRUC-8053"
},
{
"name": "https://jira.atlassian.com/browse/FE-6892",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/FE-6892"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2017-9512",
"datePublished": "2017-08-24T17:00:00.000Z",
"dateReserved": "2017-06-07T00:00:00.000Z",
"dateUpdated": "2024-10-16T14:05:19.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}