CVE-2017-16859
N/A
N/A
Summary
The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command parameter.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Atlassian | Fisheye and Crucible | unspecified < 4.3.2 | affected |
| Atlassian | Fisheye and Crucible | 4.4.0 < unspecified | affected |
| Atlassian | Fisheye and Crucible | unspecified < 4.4.3 | affected |
Weaknesses
- Path Traversal
ADP Enrichment
CVE Program Container
Additional References
- https://jira.atlassian.com/browse/CRUC-8212
- http://www.securityfocus.com/bid/104578
- https://jira.atlassian.com/browse/FE-7061
References
- https://jira.atlassian.com/browse/CRUC-8212
- http://www.securityfocus.com/bid/104578
- https://jira.atlassian.com/browse/FE-7061
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.