CVE-2018-13398: CSRF
First published: Tue Sep 18 2018(Updated: )
The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Crucible | <4.5.4 | |
| Atlassian FishEye | <4.5.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2018-13398.
What is the affected software?
The affected software includes Atlassian Crucible and Atlassian FishEye versions up to 4.5.4.
What is the severity of CVE-2018-13398?
The severity of CVE-2018-13398 is medium (CVSS score 6.5).
How does CVE-2018-13398 allow remote attackers to modify smart-commit settings?
CVE-2018-13398 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability.
Is there a fix available for CVE-2018-13398?
Yes, the fix for CVE-2018-13398 is available in version 4.5.4 of Atlassian Crucible and Atlassian FishEye.
- collector/nvd-index
- vendor/atlassian
- canonical/atlassian crucible
- canonical/atlassian fisheye