Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crucible vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2017-18035
The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existe...
Atlassian Fisheye
Atlassian Crucible
4.8
CVSSv3
CVE-2017-18093
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and prior to 4.5.0 allow remote attackers who have permission to add or modify a repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability...
Atlassian Fisheye
Atlassian Crucible
6.5
CVSSv3
CVE-2017-16859
The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 prior to 4.4.3 and before version 4.5.0 allows remote malicious users to read files contained within context path of the running application through a path traversal vulnerab...
Atlassian Crucible
Atlassian Fisheye
4.8
CVSSv3
CVE-2017-18091
The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and prior to 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in ...
Atlassian Fisheye
Atlassian Crucible
4.8
CVSSv3
CVE-2018-20240
The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter.
Atlassian Crucible
Atlassian Fisheye
5.4
CVSSv3
CVE-2018-20241
The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter.
Atlassian Fisheye
Atlassian Crucible
7.5
CVSSv3
CVE-2020-14190
Affected versions of Atlassian Fisheye/Crucible allow remote malicious users to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4.
Atlassian Crucible
Atlassian Fisheye
7.5
CVSSv3
CVE-2020-14191
Affected versions of Atlassian Fisheye/Crucible allow remote malicious users to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4.
Atlassian Crucible
Atlassian Fisheye
6.1
CVSSv3
CVE-2019-15008
The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter.
Atlassian Crucible
Atlassian Fisheye
4.3
CVSSv3
CVE-2021-43954
The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vuln...
Atlassian Crucible
Atlassian Fisheye
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »