Fisheye Multiple Vulnerabilities Network Vulnerability

Summary

Fisheye and Crucible are prone to cross-site scripting, security- bypass, and information-disclosure vulnerabilities. Attackers can exploit these issues to execute arbitrary script code in the context of the website, steal cookie-based authentication information, disclose sensitive information, or bypass certain security restrictions. Fisheye and Crucible versions prior to 2.4.4 are vulnerable.

Solution

Vendor updates are available. Please see the references for more information.

References

http://confluence.atlassian.com/display/CRUCIBLE/FishEye+and+Crucible+Security+Advisory+2011-01-12
http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2011-01-12
http://www.atlassian.com/software/crucible/
http://www.atlassian.com/software/fisheye/
https://www.securityfocus.com/bid/45776

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N

Related Vulnerabilities

OneOrZero AIMS 'index.php' Cross Site Scripting Vulnerability
Axis Commerce HTML Injection Vulnerability
Bugzilla 'Install/Filesystem.pm' Information Disclosure Vulnerability
Kusaba X Multiple Cross Site Scripting Vulnerabilities
Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities