CVE-2017-16859

Summary

The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command parameter.

Affected Software

VendorProductVersion RangeStatus
AtlassianFisheye and Crucibleunspecified < 4.3.2affected
AtlassianFisheye and Crucible4.4.0 < unspecifiedaffected
AtlassianFisheye and Crucibleunspecified < 4.4.3affected

Weaknesses

  • Path Traversal

ADP Enrichment

CVE Program Container

Additional References

References