CVE-2017-18095
N/A
N/A
Summary
The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 (the fixed version 4.5.x) and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to access via an improper authorization vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Atlassian | Crucible | prior to 4.5.1 | affected |
| Atlassian | Crucible | prior to 4.6.0 | affected |
Weaknesses
- CWE-863: Incorrect Authorization (CWE-863)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.