Описание
The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability.
Ссылки
- Issue TrackingVendor Advisory
- Issue TrackingVendor Advisory
- Issue TrackingVendor Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.8.0 (исключая)Версия до 4.8.0 (исключая)
Одно из
cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*
EPSS
Процентиль: 49%
0.00261
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
github
больше 3 лет назад
The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability.
EPSS
Процентиль: 49%
0.00261
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
NVD-CWE-noinfo