Security Vulnerabilities - CVEs Published In June 2020
The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-06-01
The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authorization vulnerability.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-01
The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user email addresses via a information disclosure vulnerability.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-01
The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability.
CVSS Score
5.3
EPSS Score
0.003
Published
2020-06-01
The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability.
CVSS Score
5.3
EPSS Score
0.003
Published
2020-06-01
The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process via a cross-site request forgery (CSRF) vulnerability.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-06-01
Page 179