CVE-2017-9512 vulnerability in Atlassian Products
Published on August 24, 2017

The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks.

NVD

Vulnerability Analysis

CVE-2017-9512 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

NONE

Availability Impact:

NONE

Products Associated with CVE-2017-9512

stack.watch emails you whenever new vulnerabilities are published in Atlassian Crucible or Atlassian Fisheye. Just hit a watch button to start following.

Atlassian Crucible

Atlassian Fisheye

Affected Versions

Atlassian Fisheye and Crucible:

Version All versions prior to version 4.4.1 is affected.

atlassian fisheye:

Before 4.4.1 is affected.

atlassian crucible:

Before 4.4.1 is affected.

Exploit Probability

EPSS

1.57%

Percentile

81.24%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2017-9512 vulnerability in Atlassian ProductsPublished on August 24, 2017

Vulnerability Analysis

Products Associated with CVE-2017-9512

Affected Versions

Exploit Probability

CVE-2017-9512 vulnerability in Atlassian Products
Published on August 24, 2017