Note:
This project will be discontinued after December 13, 2021.
Product: Fisheye (Atlassian)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 51 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-06-01 | CVE-2020-4013 | The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives. | Crucible, Fisheye | 5.4 | ||
2020-06-01 | CVE-2020-4014 | The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authorization vulnerability. | Crucible, Fisheye | 4.3 | ||
2020-06-01 | CVE-2020-4015 | The /json/fe/activeUserFinder.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user email addresses via an information disclosure vulnerability. | Crucible, Fisheye | 4.3 | ||
2020-06-01 | CVE-2020-4016 | The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability. | Crucible, Fisheye | 5.3 | ||
2020-06-01 | CVE-2020-4017 | The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability. | Crucible, Fisheye | 5.3 | ||
2020-06-01 | CVE-2020-4018 | The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allow remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability. | Crucible, Fisheye | 8.8 | ||
2020-06-01 | CVE-2020-4023 | The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the committerFilter parameter. | Crucible, Fisheye | 5.4 | ||
2020-11-25 | CVE-2020-14191 | Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4. | Crucible, Fisheye | 7.5 | ||
2020-11-25 | CVE-2020-14190 | Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4. | Crucible, Fisheye | 7.5 | ||
2021-01-18 | CVE-2020-29446 | Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5. | Crucible, Fisheye | 5.3 | ||