HTTP: Atlassian FishEye and Crucible mostActiveCommitters Information Disclosure

An information disclosure vulnerability has been reported in Atlassian FishEye and Crucible. Successful exploitation results in the disclosure of sensitive information such as email addresses.

Extended Description

The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, because it lacks permission checks.

Affected Products

Atlassian Crucible

Short Name
HTTP:STC:ATLASSIAN-INFO-DIS
Severity
Warning
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Atlassian CVE-2017-9512 Crucible Disclosure FishEye Information and mostActiveCommitters
Release Date
09/12/2017
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors

Atlassian

CVSS Score

5.0
