Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atlassian crucible vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2017-14591
Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing malicious users to execute arbitrary code on a system running the impacted software.
Atlassian Fisheye
Atlassian Crucible 4.5.0
Atlassian Crucible
Atlassian Fisheye 4.5.0
3.5
CVSSv2
CVE-2017-18034
The source browse resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 allows allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in via a specially craf...
Atlassian Crucible
Atlassian Fisheye 4.6.0
Atlassian Fisheye
Atlassian Crucible 4.6.0
3.5
CVSSv2
CVE-2017-18094
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the base path setti...
Atlassian Fisheye 4.5.0
Atlassian Fisheye
Atlassian Crucible 4.5.0
Atlassian Crucible
3.5
CVSSv2
CVE-2017-9508
Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file.
Atlassian Crucible 4.4.0
Atlassian Fisheye 4.3.1
Atlassian Fisheye 4.4.0
Atlassian Crucible 4.3.1
3.5
CVSSv2
CVE-2018-13388
The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files.
Atlassian Crucible
Atlassian Fisheye
4.3
CVSSv2
CVE-2018-13392
Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys.
Atlassian Fisheye
Atlassian Crucible
4.3
CVSSv2
CVE-2018-13398
The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote malicious users to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability.
Atlassian Crucible
Atlassian Fisheye
4.6
CVSSv2
CVE-2018-13399
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local malicious users to escalate privileges because of weak permissions on the installation directory.
Atlassian Fisheye
Atlassian Crucible
5
CVSSv2
CVE-2020-4016
The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote malicious users to get the ID of configured Jira application links via an information disclosure vulnerability.
Atlassian Crucible
Atlassian Fisheye
5
CVSSv2
CVE-2017-9511
The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote malicious users to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system.
Atlassian Fisheye
Atlassian Crucible
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »