CVE-2021-43956

6.1MEDIUM

Key Information:

Vendor
Atlassian
Status
Fisheye
Crucible
Vendor
CVE Published:
16 March 2022

Summary

The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability.

Affected Version(s)

Crucible < 4.8.9

Fisheye < 4.8.9

References

https://jira.atlassian.com/browse/FE-7395
x_refsource_MISC
https://jira.atlassian.com/browse/CRUC-8531
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.