CVE-2020-4016
First published: Mon Jun 01 2020(Updated: )
The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Crucible | <4.8.1 | |
| Atlassian FishEye | <4.8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-4016?
CVE-2020-4016 is a vulnerability in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 that allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability.
What is the severity of CVE-2020-4016?
The severity of CVE-2020-4016 is medium with a CVSS score of 5.3.
How does CVE-2020-4016 affect Atlassian Crucible?
CVE-2020-4016 affects Atlassian Crucible versions up to and excluding 4.8.1.
How does CVE-2020-4016 affect Atlassian FishEye?
CVE-2020-4016 affects Atlassian FishEye versions up to and excluding 4.8.1.
How can I fix CVE-2020-4016?
To fix CVE-2020-4016, upgrade Atlassian Fisheye and Crucible to version 4.8.1 or later.
- collector/nvd-index
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/tags
- vendor/atlassian
- canonical/atlassian crucible
- canonical/atlassian fisheye