Unrated severityNVD Advisory· Published Jun 28, 2018· Updated Sep 16, 2024

CVE-2017-16859

Description

The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command parameter.

Affected products

Atlassian/Fisheye and Cruciblecpe-rescue
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/104578mitrevdb-entryx_refsource_BID
jira.atlassian.com/browse/CRUC-8212mitrex_refsource_CONFIRM
jira.atlassian.com/browse/FE-7061mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000