CVE-2017-9512: Infoleak
First published: Thu Aug 24 2017(Updated: )
The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks.
Credit: security@atlassian.com security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Crucible | <=4.4.0 | |
| Atlassian FishEye | <=4.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-9512?
CVE-2017-9512 is considered a medium severity vulnerability since it allows anonymous attackers to access sensitive information.
How do I fix CVE-2017-9512?
To fix CVE-2017-9512, update Atlassian Fisheye and Crucible to version 4.4.1 or later.
What information can be exposed due to CVE-2017-9512?
CVE-2017-9512 may expose sensitive information such as email addresses of committers due to the lack of permission checks.
Which versions of Atlassian Fisheye are affected by CVE-2017-9512?
Versions of Atlassian Fisheye up to and including 4.4.0 are affected by CVE-2017-9512.
Which versions of Atlassian Crucible are affected by CVE-2017-9512?
Versions of Atlassian Crucible up to and including 4.4.0 are affected by CVE-2017-9512.
- agent/references
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/atlassian
- canonical/atlassian crucible
- version/atlassian crucible/4.4.0
- canonical/atlassian fisheye
- version/atlassian fisheye/4.4.0