CVE-2017-18095
First published: Mon Feb 19 2018(Updated: )
The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 (the fixed version 4.5.x) and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to access via an improper authorization vulnerability.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Crucible | <4.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2017-18095?
CVE-2017-18095 is a vulnerability in Atlassian Crucible that allows remote attackers to comment on snippets they do not have authorization to access.
What is the severity of CVE-2017-18095?
CVE-2017-18095 has a severity rating of 5.3 (medium).
How can the SnippetRPCServiceImpl class in Atlassian Crucible be exploited?
The SnippetRPCServiceImpl class in Atlassian Crucible can be exploited by remote attackers to comment on snippets they do not have authorization to access.
Is there a fix available for CVE-2017-18095?
Yes, the fixed version 4.5.x and version 4.6.0 of Atlassian Crucible include fixes for CVE-2017-18095.
Where can I find more information about CVE-2017-18095?
More information about CVE-2017-18095 can be found at the following references: [1] http://www.securityfocus.com/bid/103207 [2] https://jira.atlassian.com/browse/CRUC-8178
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/atlassian
- canonical/atlassian crucible