Latest atlassian crucible Vulnerabilities

CVE-2022-26137
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassi...
Atlassian Bamboo>=7.2.0<7.2.10
Atlassian Bamboo>=8.0.0<8.0.9
Atlassian Bamboo>=8.1.0<8.1.8
Atlassian Bamboo>=8.2.0<8.2.4
Atlassian Bitbucket<7.6.16
Atlassian Bitbucket>=7.7.0<7.17.8
and 36 more
CVE-2022-26136
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by e...
Atlassian Bamboo>=7.2.0<7.2.10
Atlassian Bamboo>=8.0.0<8.0.9
Atlassian Bamboo>=8.1.0<8.1.8
Atlassian Bamboo>=8.2.0<8.2.4
Atlassian Bitbucket<7.6.16
Atlassian Bitbucket>=7.7.0<7.17.8
and 36 more
CVE-2021-43958
Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed...
Atlassian Crucible<4.8.9
Atlassian FishEye<4.8.9
CVE-2021-43956
The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability.
Atlassian Crucible<4.8.9
Atlassian FishEye<4.8.9
CVE-2021-43955
The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via information disc...
Atlassian Crucible<4.8.9
Atlassian FishEye<4.8.9
CVE-2021-43954
The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network ...
Atlassian Crucible<4.8.9
Atlassian FishEye<4.8.9
CVE-2020-14192
Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. T...
Atlassian Crucible<4.8.4
Atlassian FishEye<4.8.4
CVE-2020-29446
Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected vers...
Atlassian Crucible<4.8.5
Atlassian FishEye<4.8.5
CVE-2020-29447
Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. ...
Atlassian Crucible<4.7.4
Atlassian Crucible>=4.8.0<4.8.5
CVE-2020-14190
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4.
Atlassian Crucible<4.8.4
Atlassian FishEye<4.8.4
CVE-2020-14191
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassia...
Atlassian Crucible<4.8.4
Atlassian FishEye<4.8.4
CVE-2020-4023
The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability throug...
Atlassian Crucible<4.8.2
Atlassian FishEye<4.8.2
CVE-2020-4018
The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability.
Atlassian Crucible<4.8.1
Atlassian FishEye<4.8.1
CVE-2020-4017
The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configure...
Atlassian Crucible<4.8.1
Atlassian FishEye<4.8.1
CVE-2020-4015
The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user email addresses via a information disclosure vulnerability.
Atlassian Crucible<4.8.1
Atlassian FishEye<4.8.1
CVE-2020-4013
The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the rev...
Atlassian Crucible<4.8.1
Atlassian FishEye<4.8.1
CVE-2020-4014
The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authoriz...
Atlassian Crucible<4.8.1
Atlassian FishEye<4.8.1
CVE-2020-4016
The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application...
Atlassian Crucible<4.8.1
Atlassian FishEye<4.8.1
CVE-2019-15009
The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper aut...
Atlassian Crucible<4.8.0
Atlassian FishEye<4.8.0
CVE-2019-15008
The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulner...
Atlassian Crucible<4.7.3
Atlassian FishEye<4.7.3
CVE-2019-15007
The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the nam...
Atlassian Crucible<4.7.3
Atlassian FishEye<4.7.3
CVE-2019-15005
The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to ...
Atlassian Troubleshooting and Support<1.17.2
Atlassian Bamboo<6.10.2
Atlassian Bitbucket<6.6.0
Atlassian Confluence<7.0.1
Atlassian Crowd<3.6.0
Atlassian Crucible<4.7.2
and 2 more
CVE-2018-20239
Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attacker...
Atlassian Application Links<5.0.11
Atlassian Application Links>=5.1.0<5.2.10
Atlassian Application Links>=5.3.0<5.3.6
Atlassian Application Links>=5.4.0<5.4.12
Atlassian Application Links>=6.0.0<6.0.4
Atlassian Confluence Data Center<6.15.2
and 8 more
CVE-2018-20241
The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerabili...
Atlassian Crucible<4.7.0
Atlassian FishEye<4.7.0
CVE-2018-13399
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
Atlassian Crucible<4.6.1
Atlassian FishEye<4.6.1
CVE-2018-13398
The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnera...
Atlassian Crucible<4.5.4
Atlassian FishEye<4.5.4
CVE-2018-13388
The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in a...
Atlassian Crucible<4.5.3
Atlassian FishEye<4.5.3
CVE-2017-16859
The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within c...
Atlassian Crucible<4.3.2
Atlassian Crucible>=4.4.0<4.4.3
Atlassian Crucible>=4.4.5<4.5.0
Atlassian FishEye<4.3.2
Atlassian FishEye>=4.4.0<4.4.3
Atlassian FishEye>=4.4.5<4.5.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203