Cross-Site Scripting Vulnerability in Atlassian Fisheye and Crucible
CVE-2017-9508

5.4MEDIUM

Key Information:

Vendor: Atlassian
Status: Atlassian Fisheye And Crucible
Vendor: CVE Published:; 24 August 2017

What is CVE-2017-9508?

Atlassian Fisheye and Crucible versions prior to 4.4.1 are susceptible to a cross-site scripting vulnerability. This flaw allows remote attackers to inject arbitrary HTML or JavaScript code by manipulating the name of a repository or review file. If exploited, attackers could potentially execute malicious scripts in the context of the user's session, leading to unauthorized actions or data exposure.

Affected Version(s)

Atlassian Fisheye and Crucible All versions prior to version 4.4.1

References

https://jira.atlassian.com/browse/CRUC-8044

x_refsource_MISC

https://jira.atlassian.com/browse/FE-6898

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 24, 2017
Vulnerability Reserved
Jun 7, 2017