CVE-2020-4017
First published: Mon Jun 01 2020(Updated: )
The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Crucible | <4.8.1 | |
| Atlassian FishEye | <4.8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of Atlassian Crucible and FishEye?
The vulnerability ID is CVE-2020-4017.
What is the severity of CVE-2020-4017?
The severity of CVE-2020-4017 is medium with a CVSS score of 5.3.
What is the affected software by CVE-2020-4017?
The affected software are Atlassian Crucible and Atlassian FishEye versions up to and exclusive of 4.8.1.
What is the impact of CVE-2020-4017?
CVE-2020-4017 allows remote attackers to get information about any configured Jira application links, leading to an information disclosure vulnerability.
Is there any official reference for CVE-2020-4017?
Yes, you can find more information about CVE-2020-4017 on the Atlassian Jira tracking pages: [CRUC-8470](https://jira.atlassian.com/browse/CRUC-8470) and [FE-7286](https://jira.atlassian.com/browse/FE-7286).
- collector/nvd-index
- vendor/atlassian
- canonical/atlassian crucible
- canonical/atlassian fisheye