CVE-2017-16859

Severity CVSS v4.0: Pending analysis
Type: CWE-22 Path Traversal
Publication date: 28/06/2018
Last modified: 23/08/2018

Description

The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within the context path of the running application through a path traversal vulnerability in the command parameter.

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:a:atlassian:crucible:\*:\*:\*:\*:\*:\*:\*:\* | | 4.3.2 (excluding) |
| cpe:2.3:a:atlassian:crucible:\*:\*:\*:\*:\*:\*:\*:\* | 4.4.0 (including) | 4.4.3 (excluding) |
| cpe:2.3:a:atlassian:crucible:\*:\*:\*:\*:\*:\*:\*:\* | 4.4.5 (including) | 4.5.0 (excluding) |
| cpe:2.3:a:atlassian:fisheye:\*:\*:\*:\*:\*:\*:\*:\* | | 4.3.2 (excluding) |
| cpe:2.3:a:atlassian:fisheye:\*:\*:\*:\*:\*:\*:\*:\* | 4.4.0 (including) | 4.4.3 (excluding) |
| cpe:2.3:a:atlassian:fisheye:\*:\*:\*:\*:\*:\*:\*:\* | 4.4.5 (including) | 4.5.0 (excluding) |