Atlassian

Crucible

52 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.45%
  • Published 21.12.2020 01:15:12
  • Last modified 21.11.2024 05:24:01

Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. The affected versions are before version 4.7.4, an...

  • EPSS 0.82%
  • Published 25.11.2020 23:15:11
  • Last modified 21.11.2024 05:02:50

Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4.

  • EPSS 0.82%
  • Published 25.11.2020 22:15:11
  • Last modified 21.11.2024 05:02:50

Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before versio...

  • EPSS 0.34%
  • Published 01.06.2020 07:15:11
  • Last modified 21.11.2024 05:32:10

The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability through the committerFilter parameter.

  • EPSS 0.16%
  • Published 01.06.2020 07:15:10
  • Last modified 21.11.2024 05:32:09

The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allow remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability.

  • EPSS 0.41%
  • Published 01.06.2020 07:15:10
  • Last modified 21.11.2024 05:32:09

The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclo...

  • EPSS 0.41%
  • Published 01.06.2020 07:15:10
  • Last modified 21.11.2024 05:32:09

The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability...

  • EPSS 0.37%
  • Published 01.06.2020 07:15:10
  • Last modified 21.11.2024 05:32:09

The /json/fe/activeUserFinder.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user email addresses via an information disclosure vulnerability.

  • EPSS 0.25%
  • Published 01.06.2020 07:15:10
  • Last modified 21.11.2024 05:32:09

The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authorization vulnerability.

  • EPSS 0.22%
  • Published 01.06.2020 07:15:10
  • Last modified 21.11.2024 05:32:09

The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability through the review objectives.