GCVE - cpe:2.3:a:atlassian:atlassian_fisheye_and

Approved changes feed: RSS · Atom

cpe:2.3:a:atlassian:atlassian_fisheye_and_crucible:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Atlassian (`8acde0d4-2b83-5bd8-8d3f-60d59e0b022e`)
Product	Atlassian Fisheye And Crucible (`a2c1b673-54f8-5793-9b83-8f9006f08fee`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-9512`	vulnerable	2026-06-03 14:37:41.780392	Details available The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks. Published: 2017-08-24T17:00:00.000Z Updated: 2024-10-16T14:05:19.181Z Open on db.gcve.eu Reference links https://jira.atlassian.com/browse/CRUC-8053 https://jira.atlassian.com/browse/FE-6892	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-9511`	vulnerable	2026-06-03 14:37:41.779859	Details available The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system. Published: 2017-08-24T18:00:00.000Z Updated: 2024-10-15T19:18:49.770Z Open on db.gcve.eu Reference links https://jira.atlassian.com/browse/CRUC-8049 https://jira.atlassian.com/browse/FE-6891	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-9508`	vulnerable	2026-06-03 14:37:41.774605	Details available Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file. Published: 2017-08-24T17:00:00.000Z Updated: 2024-10-15T19:23:22.364Z Open on db.gcve.eu Reference links https://jira.atlassian.com/browse/CRUC-8044 https://jira.atlassian.com/browse/FE-6898	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14588`	vulnerable	2026-06-03 14:36:39.433316	Details available Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter. Published: 2017-10-11T18:00:00.000Z Updated: 2024-10-15T19:14:38.109Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/101268 https://jira.atlassian.com/browse/FE-6935 https://jira.atlassian.com/browse/CRUC-8113	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14587`	vulnerable	2026-06-03 14:36:39.431638	Details available The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter. Published: 2017-10-11T18:00:00.000Z Updated: 2024-09-17T01:55:33.174Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/101266 https://jira.atlassian.com/browse/CRUC-8112 https://jira.atlassian.com/browse/FE-6933	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Atlassian Fisheye And Crucible

PURL mappings

Vulnerability references

Contribute