CVE-2017-9512 Information
Feb 14, 2021
cve
Description
The mostActiveCommitters.do resource in Atlassian FishEye and Crucible before version 4.4.1 allows anonymous remote attackers to access sensitive information for example email addresses of committers as it lacked permission checks.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Reference
https://jira.atlassian.com/browse/CRUC-8053 https://jira.atlassian.com/browse/FE-6892
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
7.5
Share on: