Vulnerability in Atlassian Fisheye And Crucible
CVE-2018-13398
The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability.
EPSS: 0.001 (33.2th percentile) — read the EPSS interpretation.
Affected products
- Atlassian Fisheye And Crucible — versions unspecified
References
- jira.atlassian.com/browse/FE-7100 (x_refsource_CONFIRM)
- jira.atlassian.com/browse/CRUC-8312 (x_refsource_CONFIRM)