Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atlassian crucible vulnerabilities and exploits
(subscribe to this query)
828
VMScore
CVE-2017-14591
Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing malicious users to execute arbitrary code on a system running the impacted software.
Atlassian Fisheye
Atlassian Crucible 4.5.0
Atlassian Crucible
Atlassian Fisheye 4.5.0
312
VMScore
CVE-2017-18034
The source browse resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 allows allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in via a specially craf...
Atlassian Crucible
Atlassian Fisheye 4.6.0
Atlassian Fisheye
Atlassian Crucible 4.6.0
312
VMScore
CVE-2017-18094
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the base path setti...
Atlassian Fisheye 4.5.0
Atlassian Fisheye
Atlassian Crucible 4.5.0
Atlassian Crucible
312
VMScore
CVE-2017-9508
Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file.
Atlassian Crucible 4.4.0
Atlassian Fisheye 4.3.1
Atlassian Fisheye 4.4.0
Atlassian Crucible 4.3.1
356
VMScore
CVE-2019-15009
The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote malicious users to remove another user's favourite setting for a project via an improper authorization vulnerability.
Atlassian Crucible
Atlassian Fisheye
445
VMScore
CVE-2020-4016
The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote malicious users to get the ID of configured Jira application links via an information disclosure vulnerability.
Atlassian Crucible
Atlassian Fisheye
445
VMScore
CVE-2020-4017
The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote malicious users to get information about any configured Jira application links via an information disclosure vulnerability.
Atlassian Crucible
Atlassian Fisheye
383
VMScore
CVE-2017-14588
Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter.
Atlassian Crucible
Atlassian Fisheye
445
VMScore
CVE-2021-43957
Affected versions of Atlassian Fisheye & Crucible allowed remote malicious users to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected vers...
Atlassian Crucible
Atlassian Fisheye
578
VMScore
CVE-2018-5223
Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to add a repository in Fisheye or Crucible can execute code of their choice on...
Atlassian Fisheye
Atlassian Crucible
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »