Atlassian Fisheye
36 CVEs affecting Atlassian Fisheye. Latest disclosed: 2022-07-20. Critical: 2, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2012-2926 | Critical | 9.1 | 2012-05-22 | Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 be… |
| CVE-2017-14591 | Critical | 9.0 | 2017-11-29 | Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, all… |
| CVE-2017-9511 | High | 7.5 | 2017-08-24 | The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traver… |
| CVE-2017-9512 | High | 7.5 | 2017-08-24 | The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information… |
| CVE-2017-14588 | Medium | 6.1 | 2017-10-11 | Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripti… |
| CVE-2017-14587 | Medium | 5.4 | 2017-10-11 | The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript… |
| CVE-2017-9510 | Medium | 5.4 | 2017-08-24 | The repository changelog resource in Atlassian Fisheye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scr… |
| CVE-2017-9509 | Medium | 5.4 | 2017-08-24 | The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scri… |
| CVE-2017-9508 | Medium | 5.4 | 2017-08-24 | Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripti… |
| CVE-2017-9507 | Medium | 5.4 | 2017-08-24 | The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via… |
| CVE-2022-26137 | | | 2022-07-20 | A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application… |
| CVE-2022-26136 | | | 2022-07-20 | A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impa… |
| CVE-2021-43958 | | | 2022-03-16 | Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not ch… |
| CVE-2021-43957 | | | 2022-03-16 | Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability… |
| CVE-2021-43956 | | | 2022-03-16 | The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to inject arbitrary HTML and/or JavaScript via a protot… |
| CVE-2021-43955 | | | 2022-03-16 | The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about inst… |
| CVE-2021-43954 | | | 2022-03-14 | The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enu… |
| CVE-2020-14192 | | | 2021-02-01 | Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen re… |
| CVE-2020-29446 | | | 2021-01-18 | Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in… |
| CVE-2020-14190 | | | 2020-11-25 | Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versio… |