Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crucible vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2017-18035
The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existe...
Atlassian Fisheye
Atlassian Crucible
312
VMScore
CVE-2019-15007
The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch.
Atlassian Crucible
Atlassian Fisheye
356
VMScore
CVE-2019-15009
The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote malicious users to remove another user's favourite setting for a project via an improper authorization vulnerability.
Atlassian Crucible
Atlassian Fisheye
445
VMScore
CVE-2020-14191
Affected versions of Atlassian Fisheye/Crucible allow remote malicious users to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4.
Atlassian Crucible
Atlassian Fisheye
312
VMScore
CVE-2018-20240
The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter.
Atlassian Crucible
Atlassian Fisheye
668
VMScore
CVE-2021-43958
Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote malicious users to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to prov...
Atlassian Crucible
Atlassian Fisheye
356
VMScore
CVE-2017-16859
The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 prior to 4.4.3 and before version 4.5.0 allows remote malicious users to read files contained within context path of the running application through a path traversal vulnerab...
Atlassian Crucible
Atlassian Fisheye
668
VMScore
CVE-2017-16861
It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Cr...
Atlassian Fisheye
Atlassian Crucible
445
VMScore
CVE-2020-29446
Affected versions of Atlassian Fisheye & Crucible allow remote malicious users to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5.
Atlassian Crucible
Atlassian Fisheye
445
VMScore
CVE-2020-4016
The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote malicious users to get the ID of configured Jira application links via an information disclosure vulnerability.
Atlassian Crucible
Atlassian Fisheye
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »