Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atlassian fisheye vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2017-16861
It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Cr...
Atlassian Fisheye
Atlassian Crucible
4
CVSSv2
CVE-2017-16859
The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 prior to 4.4.3 and before version 4.5.0 allows remote malicious users to read files contained within context path of the running application through a path traversal vulnerab...
Atlassian Crucible
Atlassian Fisheye
5
CVSSv2
CVE-2017-9511
The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote malicious users to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system.
Atlassian Fisheye
Atlassian Crucible
5
CVSSv2
CVE-2020-29446
Affected versions of Atlassian Fisheye & Crucible allow remote malicious users to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5.
Atlassian Crucible
Atlassian Fisheye
3.5
CVSSv2
CVE-2018-13388
The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files.
Atlassian Crucible
Atlassian Fisheye
4.3
CVSSv2
CVE-2018-13392
Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys.
Atlassian Fisheye
Atlassian Crucible
4.3
CVSSv2
CVE-2018-13398
The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote malicious users to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability.
Atlassian Crucible
Atlassian Fisheye
4.6
CVSSv2
CVE-2018-13399
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local malicious users to escalate privileges because of weak permissions on the installation directory.
Atlassian Fisheye
Atlassian Crucible
3.5
CVSSv2
CVE-2018-20240
The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter.
Atlassian Crucible
Atlassian Fisheye
3.5
CVSSv2
CVE-2018-20241
The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter.
Atlassian Fisheye
Atlassian Crucible
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »