The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote malicious users to view user user email addresses via a information disclosure vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
atlassian crucible |
||
atlassian fisheye |