CVE-2017-18094
Last modified
CVE-2017-18094 is a vulnerability of currently unknown severity. Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the base path setting of a configured file system repository.. EPSS estimates a 0.62% chance of exploitation in the next 30 days.
Description
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the base path setting of a configured file system repository.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Fisheye | >= 4.4.0, < 4.4.3 |
| Atlassian | Fisheye | 4.5.0 |
| Atlassian | Crucible | >= 4.4.0, < 4.4.3 |
| Atlassian | Crucible | 4.5.0 |
References
- https://jira.atlassian.com/browse/CRUC-8177Vendor Advisory
- https://jira.atlassian.com/browse/FE-7010Vendor Advisory
- https://jira.atlassian.com/browse/CRUC-8177Vendor Advisory
- https://jira.atlassian.com/browse/FE-7010Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-18094?
How severe is CVE-2017-18094?
How do I fix CVE-2017-18094?
Are you affected by CVE-2017-18094?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST