Denial of Service Vulnerability in Atlassian Fisheye/Crucible
CVE-2020-14191

7.5HIGH

Key Information:

Vendor: Atlassian
Status: Fisheye; Crucible
Vendor: CVE Published:; 25 November 2020

Summary

A vulnerability in Atlassian Fisheye/Crucible allows remote attackers to disrupt the application's availability. This Denial of Service issue resides in the MessageBundleResource within Atlassian Gadgets. Versions prior to 4.8.4 are affected, making systems potentially susceptible to exploitation.

Affected Version(s)

Crucible < 4.8.4

Fisheye < 4.8.4

References

https://jira.atlassian.com/browse/CRUC-8501

x_refsource_MISC

https://jira.atlassian.com/browse/FE-7332

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 25, 2020
Vulnerability Reserved
Jun 16, 2020