First published: Wed Mar 16 2022
Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object Reference (IDOR) vulnerability in the WEB-INF directory, bypassing the fix for CVE-2020-29446 because the request path was not URL-decoded before being checked. The affected versions are those before version 4.8.9.
Credit: security@atlassian.com
Affected Software | Affected Version | How to fix |
---|---|---|
Atlassian Crucible | <4.8.9 | Upgrade to 4.8.9 or later |
Atlassian FishEye | <4.8.9 | Upgrade to 4.8.9 or later |
The vulnerability ID is CVE-2021-43957.
The severity of CVE-2021-43957 is High, with a severity score of 7.5.
The affected software versions are Atlassian Fisheye and Crucible before version 4.8.9.
Remote attackers can exploit CVE-2021-43957 to browse local files through an Insecure Direct Object Reference (IDOR) vulnerability in the WEB-INF directory.
The fix for CVE-2021-43957 is available in version 4.8.9 of Atlassian Fisheye and Crucible.