CVE-2018-13399
First published: Tue Oct 16 2018(Updated: )
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Crucible | <4.6.1 | |
| Atlassian FishEye | <4.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2018-13399?
CVE-2018-13399 is a vulnerability in the Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 that allows local attackers to escalate privileges due to weak permissions on the installation directory.
How does CVE-2018-13399 affect Atlassian Crucible and FishEye?
CVE-2018-13399 affects Atlassian Crucible and FishEye before version 4.6.1.
What is the severity of CVE-2018-13399?
CVE-2018-13399 has a severity keyword of 'high' and a severity value of 7.8.
How can local attackers exploit CVE-2018-13399?
Local attackers can exploit CVE-2018-13399 by leveraging weak permissions on the installation directory to escalate privileges.
How can I fix CVE-2018-13399?
To fix CVE-2018-13399, you should update Atlassian Fisheye and Crucible to version 4.6.1 or higher.
- collector/nvd-index
- vendor/atlassian
- canonical/atlassian crucible
- canonical/atlassian fisheye