The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote malicious users to access sensitive information, for example email addresses of committers, as it lacked permission checks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
atlassian fisheye |
||
atlassian crucible |