Atlassian: >> Fisheye >> 4.8.1 Security Vulnerabilities
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4.
CVSS Score
7.5
EPSS Score
0.007
Published
2020-11-25
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4.
CVSS Score
7.5
EPSS Score
0.007
Published
2020-11-25
Affected versions of Atlassian Fisheye allow remote attackers to view the HTTP password of a repository via an Information Disclosure vulnerability in the logging feature. The affected versions are before version 4.8.3.
CVSS Score
6.5
EPSS Score
0.003
Published
2020-08-05
The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the committerFilter parameter.
CVSS Score
5.4
EPSS Score
0.004
Published
2020-06-01
Page 2