CVE-2017-9512: Infoleak
First published: Thu Aug 24 2017(Updated: )
The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks.
Credit: security@atlassian.com security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Crucible | <=4.4.0 | |
| Atlassian FishEye | <=4.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/atlassian
- canonical/atlassian crucible
- version/atlassian crucible/4.4.0
- canonical/atlassian fisheye
- version/atlassian fisheye/4.4.0