Known Vulnerabilities
CVE-2017-9511
The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system.
UNKNOWN
CVSS 7.5
Published Aug 24, 2017
CVE-2017-9512
The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks.
UNKNOWN
CVSS 7.5
Published Aug 24, 2017
CVE-2017-9508
Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file.
UNKNOWN
Published Aug 24, 2017