CVE-2017-16859
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
28/06/2018
Last modified:
23/08/2018
Description
The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within the context path of the running application through a path traversal vulnerability in the command parameter.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:* | | 4.3.2 (excluding) |
cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:* | 4.4.0 (including) | 4.4.3 (excluding) |
cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:* | 4.4.5 (including) | 4.5.0 (excluding) |
cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:* | | 4.3.2 (excluding) |
cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:* | 4.4.0 (including) | 4.4.3 (excluding) |
cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:* | 4.4.5 (including) | 4.5.0 (excluding) |