Crucible
by Atlassian
CVEs (51)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-4016 | 0.00 | — | 0.01 | Jun 1, 2020 | The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability. | |||
| CVE-2020-4015 | 0.00 | — | 0.01 | Jun 1, 2020 | The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user email addresses via a information disclosure vulnerability. | |||
| CVE-2020-4014 | 0.00 | — | 0.01 | Jun 1, 2020 | The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authorization vulnerability. | |||
| CVE-2020-4013 | 0.00 | — | 0.01 | Jun 1, 2020 | The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives. | |||
| CVE-2019-15009 | 0.00 | — | 0.01 | Dec 11, 2019 | The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability. | |||
| CVE-2019-15008 | 0.00 | — | 0.01 | Dec 11, 2019 | The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter. | |||
| CVE-2019-15007 | 0.00 | — | 0.01 | Dec 11, 2019 | The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch. | |||
| CVE-2019-15005 | 0.00 | — | 0.01 | Nov 8, 2019 | The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration… | |||
| CVE-2018-20241 | 0.00 | — | 0.01 | Feb 20, 2019 | The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter. | |||
| CVE-2018-20240 | 0.00 | — | 0.01 | Feb 20, 2019 | The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter. | |||
| CVE-2018-13399 | 0.00 | — | 0.00 | Oct 16, 2018 | The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. |
- CVE-2020-4016Jun 1, 2020risk 0.00cvss —epss 0.01
The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability.
- CVE-2020-4015Jun 1, 2020risk 0.00cvss —epss 0.01
The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user email addresses via a information disclosure vulnerability.
- CVE-2020-4014Jun 1, 2020risk 0.00cvss —epss 0.01
The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authorization vulnerability.
- CVE-2020-4013Jun 1, 2020risk 0.00cvss —epss 0.01
The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives.
- CVE-2019-15009Dec 11, 2019risk 0.00cvss —epss 0.01
The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability.
- CVE-2019-15008Dec 11, 2019risk 0.00cvss —epss 0.01
The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter.
- CVE-2019-15007Dec 11, 2019risk 0.00cvss —epss 0.01
The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch.
- CVE-2019-15005Nov 8, 2019risk 0.00cvss —epss 0.01
The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration…
- CVE-2018-20241Feb 20, 2019risk 0.00cvss —epss 0.01
The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter.
- CVE-2018-20240Feb 20, 2019risk 0.00cvss —epss 0.01
The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter.
- CVE-2018-13399Oct 16, 2018risk 0.00cvss —epss 0.00
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
Page 3 of 3