Information Disclosure Vulnerability in Atlassian Fisheye and Crucible Plugin
CVE-2020-4017

5.3MEDIUM

Key Information:

Vendor: Atlassian
Status: Crucible; Fisheye
Vendor: CVE Published:; 1 June 2020

What is CVE-2020-4017?

The crucible-jira-ril plugin in Atlassian Fisheye and Crucible prior to version 4.8.1 contains an information disclosure vulnerability that enables remote attackers to access sensitive information relating to configured Jira application links. This exposure can lead to unauthorized insights into the application's setup and linked resources, making it essential for users to upgrade to the latest version to mitigate potential risks.

Affected Version(s)

Crucible < 4.8.1

Fisheye < 4.8.1

References

https://jira.atlassian.com/browse/CRUC-8470

x_refsource_MISC

https://jira.atlassian.com/browse/FE-7286

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 1, 2020
Vulnerability Reserved
Dec 30, 2019