Unrated severityNVD Advisory· Published Mar 29, 2018· Updated Sep 16, 2024

CVE-2018-5223

Description

Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to add a repository in Fisheye or Crucible can execute code of their choice on systems that run a vulnerable version of Fisheye or Crucible on the Windows operating system. All versions of Fisheye and Crucible before 4.4.6 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.3 (the fixed version for 4.5.x) are affected by this vulnerability.

Affected products

Atlassian/Fisheye and Cruciblecpe-rescue
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/103665mitrevdb-entryx_refsource_BID
confluence.atlassian.com/x/Zi5sOmitrex_refsource_CONFIRM
confluence.atlassian.com/x/aS5sOmitrex_refsource_CONFIRM
jira.atlassian.com/browse/CRUC-8181mitrex_refsource_CONFIRM
jira.atlassian.com/browse/FE-7014mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000