CVE-2021-43954

The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability.
References
Link Resource
https://jira.atlassian.com/browse/FE-7384 Issue Tracking Vendor Advisory
https://jira.atlassian.com/browse/CRUC-8520 Issue Tracking Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*

Information

Published : 2022-03-13 19:15

Updated : 2022-03-18 12:13


NVD link : CVE-2021-43954

Mitre link : CVE-2021-43954


JSON object : View

CWE
CWE-918

Server-Side Request Forgery (SSRF)

Advertisement

dedicated server usa

Products Affected

atlassian

  • fisheye
  • crucible