CVE-2019-15009

Summary

The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability.

Affected Software

VendorProductVersion RangeStatus
AtlassianCrucibleunspecified < 4.8.0affected
AtlassianFisheyeunspecified < 4.8.0affected

Weaknesses

  • Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References