Information Disclosure in Atlassian Fisheye and Crucible Plugin
CVE-2020-4016

5.3MEDIUM

Key Information:

Vendor

Atlassian
Status
Crucible
Fisheye
Vendor
CVE Published:
1 June 2020

What is CVE-2020-4016?

The crucible-jira-ril plugin in Atlassian Fisheye and Crucible prior to version 4.8.1 has a vulnerability that allows remote attackers to gain access to sensitive information. By exploiting this vulnerability, attackers may obtain the IDs of configured Jira application links, potentially leading to unauthorized access or further attacks on linked applications. It is crucial for users of affected versions to update their installations to safeguard sensitive data.

Affected Version(s)

Crucible < 4.8.1

Fisheye < 4.8.1

References

https://jira.atlassian.com/browse/CRUC-8469
x_refsource_MISC
https://jira.atlassian.com/browse/FE-7285
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.