Vulnerability in Atlassian Crucible
CVE-2021-43954
The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-S…
EPSS: 0.001 (34.3th percentile) — read the EPSS interpretation.
Affected products
- Atlassian Crucible — versions unspecified
- Atlassian Fisheye — versions unspecified
References
- jira.atlassian.com/browse/FE-7384 (x_refsource_MISC)
- jira.atlassian.com/browse/CRUC-8520 (x_refsource_MISC)