Atlassian

Crucible

52 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2019-15009

  • EPSS 0.26%
  • Veröffentlicht 11.12.2019 15:15:14
  • Zuletzt bearbeitet 21.11.2024 04:27:51

The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability.

6.1

CVE-2019-15008

  • EPSS 0.41%
  • Veröffentlicht 11.12.2019 15:15:14
  • Zuletzt bearbeitet 21.11.2024 04:27:51

The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter.

4.8

CVE-2019-15007

  • EPSS 0.22%
  • Veröffentlicht 11.12.2019 15:15:14
  • Zuletzt bearbeitet 21.11.2024 04:27:51

The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch.

4.3

CVE-2019-15005

  • EPSS 0.21%
  • Veröffentlicht 08.11.2019 04:15:10
  • Zuletzt bearbeitet 21.11.2024 04:27:51

The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message m...

5.4

CVE-2018-20239

  • EPSS 0.41%
  • Veröffentlicht 30.04.2019 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:01:08

Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cro...

5.4

CVE-2018-20241

  • EPSS 0.2%
  • Veröffentlicht 20.02.2019 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:01:09

The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter.

4.8

CVE-2018-20240

  • EPSS 0.18%
  • Veröffentlicht 20.02.2019 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:01:08

The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter.

7.8

CVE-2018-13399

  • EPSS 0.02%
  • Veröffentlicht 16.10.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:47:01

The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.

6.5

CVE-2018-13398

  • EPSS 0.14%
  • Veröffentlicht 18.09.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:47:01

The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability.

6.1

CVE-2018-13392

  • EPSS 0.4%
  • Veröffentlicht 13.08.2018 13:29:02
  • Zuletzt bearbeitet 21.11.2024 03:47:00

Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys.