Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crucible vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2021-43955
The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote malicious users to obtain information about installation directories via information disclosure vulnerability.
Atlassian Crucible
Atlassian Fisheye
668
VMScore
CVE-2021-43958
Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote malicious users to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to prov...
Atlassian Crucible
Atlassian Fisheye
356
VMScore
CVE-2021-43954
The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vuln...
Atlassian Crucible
Atlassian Fisheye
445
VMScore
CVE-2021-43957
Affected versions of Atlassian Fisheye & Crucible allowed remote malicious users to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected vers...
Atlassian Crucible
Atlassian Fisheye
409
VMScore
CVE-2018-13399
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local malicious users to escalate privileges because of weak permissions on the installation directory.
Atlassian Fisheye
Atlassian Crucible
312
VMScore
CVE-2018-20240
The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter.
Atlassian Fisheye
Atlassian Crucible
312
VMScore
CVE-2018-20241
The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter.
Atlassian Fisheye
Atlassian Crucible
356
VMScore
CVE-2017-16859
The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 prior to 4.4.3 and before version 4.5.0 allows remote malicious users to read files contained within context path of the running application through a path traversal vulnerab...
Atlassian Crucible
Atlassian Fisheye
312
VMScore
CVE-2020-4013
The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote malicious users to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives.
Atlassian Crucible
Atlassian Fisheye
356
VMScore
CVE-2020-4014
The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote malicious users to remove another user's watching settings for a repository via an improper authorization vulnerability.
Atlassian Crucible
Atlassian Fisheye
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »