CVE-2017-9511

Summary

The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system.

Affected Software

VendorProductVersion RangeStatus
AtlassianAtlassian Fisheye and CrucibleAll versions prior to version 4.4.1affected

Weaknesses

  • Path Traversal

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References