Unrated severityNVD Advisory· Published Mar 14, 2022· Updated Oct 4, 2024

CVE-2021-43954

Description

The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability.

Affected products

Atlassian/Fisheyev5
Range: unspecified
Atlassian/Cruciblev5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jira.atlassian.com/browse/CRUC-8520mitrex_refsource_MISC
jira.atlassian.com/browse/FE-7384mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000