CVE-2020-14190
First published: Wed Nov 25 2020(Updated: )
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Crucible | <4.8.4 | |
| Atlassian FishEye | <4.8.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this security issue?
The vulnerability ID of this security issue is CVE-2020-14190.
What is the severity level of CVE-2020-14190?
The severity level of CVE-2020-14190 is high with a value of 7.5.
Which versions of Atlassian Fisheye/Crucible are affected?
The affected versions of Atlassian Fisheye/Crucible are before version 4.8.4.
How can remote attackers exploit this vulnerability?
Remote attackers can achieve Regex Denial of Service via user-supplied regex in EyeQL.
Are there any references for this vulnerability?
Yes, you can find references for this vulnerability at the following URLs: [https://jira.atlassian.com/browse/CRUC-8498](https://jira.atlassian.com/browse/CRUC-8498) and [https://jira.atlassian.com/browse/FE-7336](https://jira.atlassian.com/browse/FE-7336).
- collector/nvd-index
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/tags
- agent/first-publish-date
- agent/last-modified-date
- agent/type
- agent/event
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/atlassian
- canonical/atlassian crucible
- canonical/atlassian fisheye