Prototype Pollution Vulnerability in Fisheye and Crucible by Atlassian
CVE-2021-43956

6.1 MEDIUM

Key Information:

Vendor: Atlassian
CVE Published: 16 March 2022

Summary

The jQuery deserialize library found in Fisheye and Crucible before version 4.8.9 is susceptible to a prototype pollution vulnerability. It allows remote attackers to inject arbitrary HTML and JavaScript. Such exploits can lead to unauthorized actions on behalf of users, potentially compromising the integrity and security of the affected applications. To mitigate this risk, users should update to the latest version of Fisheye and Crucible as recommended by Atlassian.

Affected Version(s)

Crucible < 4.8.9

Fisheye < 4.8.9

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
