Path Traversal Vulnerability in Atlassian Fisheye and Crucible Software
CVE-2017-9511

7.5HIGH

Key Information:

Vendor: Atlassian
Status: Atlassian Fisheye And Crucible
Vendor: CVE Published:; 24 August 2017

Summary

The MultiPathResource class in Atlassian Fisheye and Crucible prior to version 4.4.1 is susceptible to a path traversal vulnerability. This flaw enables unauthorized remote attackers to exploit the system running on Microsoft Windows, allowing them to read sensitive files indiscriminately. It poses a significant risk as it can lead to unauthorized information disclosure and potential further exploits. Users are recommended to update to the latest version to mitigate this risk.

Affected Version(s)

Atlassian Fisheye and Crucible All versions prior to version 4.4.1

References

https://jira.atlassian.com/browse/CRUC-8049

x_refsource_MISC

https://jira.atlassian.com/browse/FE-6891

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 24, 2017
Vulnerability Reserved
Jun 7, 2017