Medium severity4.3NVD Advisory· Published Feb 2, 2018· Updated Jun 17, 2026
CVE-2017-18035
CVE-2017-18035
Description
The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: prior to 4.5.1 and 4.6.0
Patches
Vulnerability mechanics
References
2- jira.atlassian.com/browse/CRUC-8163nvdVendor Advisory
- jira.atlassian.com/browse/FE-6996nvdVendor Advisory
News mentions
0No linked articles in our index yet.