Fisheye
by Atlassian
CVEs (51)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-4015 | 0.00 | — | 0.01 | Jun 1, 2020 | The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user email addresses via a information disclosure vulnerability. | |||
| CVE-2020-4014 | 0.00 | — | 0.01 | Jun 1, 2020 | The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authorization vulnerability. | |||
| CVE-2020-4013 | 0.00 | — | 0.01 | Jun 1, 2020 | The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives. | |||
| CVE-2019-15009 | 0.00 | — | 0.01 | Dec 11, 2019 | The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability. | |||
| CVE-2019-15008 | 0.00 | — | 0.01 | Dec 11, 2019 | The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter. | |||
| CVE-2019-15007 | 0.00 | — | 0.01 | Dec 11, 2019 | The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch. | |||
| CVE-2019-15005 | 0.00 | — | 0.01 | Nov 8, 2019 | The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration… | |||
| CVE-2018-20241 | 0.00 | — | 0.01 | Feb 20, 2019 | The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter. | |||
| CVE-2018-20240 | 0.00 | — | 0.01 | Feb 20, 2019 | The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter. | |||
| CVE-2018-13399 | 0.00 | — | 0.00 | Oct 16, 2018 | The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. | |||
| CVE-2011-4822 | 0.00 | — | 0.02 | Dec 15, 2011 | Multiple cross-site scripting (XSS) vulnerabilities in the user profile feature in Atlassian FishEye before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) snippets in a user comment, which is not properly handled in a Confluence page, or (2) the user… |
- CVE-2020-4015Jun 1, 2020risk 0.00cvss —epss 0.01
The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user email addresses via a information disclosure vulnerability.
- CVE-2020-4014Jun 1, 2020risk 0.00cvss —epss 0.01
The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authorization vulnerability.
- CVE-2020-4013Jun 1, 2020risk 0.00cvss —epss 0.01
The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives.
- CVE-2019-15009Dec 11, 2019risk 0.00cvss —epss 0.01
The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability.
- CVE-2019-15008Dec 11, 2019risk 0.00cvss —epss 0.01
The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter.
- CVE-2019-15007Dec 11, 2019risk 0.00cvss —epss 0.01
The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch.
- CVE-2019-15005Nov 8, 2019risk 0.00cvss —epss 0.01
The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration…
- CVE-2018-20241Feb 20, 2019risk 0.00cvss —epss 0.01
The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter.
- CVE-2018-20240Feb 20, 2019risk 0.00cvss —epss 0.01
The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter.
- CVE-2018-13399Oct 16, 2018risk 0.00cvss —epss 0.00
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
- CVE-2011-4822Dec 15, 2011risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in the user profile feature in Atlassian FishEye before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) snippets in a user comment, which is not properly handled in a Confluence page, or (2) the user…
Page 3 of 3