CVE-2021-43958
Last modified
CVE-2021-43958 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing user credentials for authentication via a improper restriction of excess authentication attempts vulnerability.. EPSS estimates a 1.41% chance of exploitation in the next 30 days.
Description
Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing user credentials for authentication via a improper restriction of excess authentication attempts vulnerability.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Crucible | < 4.8.9 |
| Atlassian | Fisheye | < 4.8.9 |
References
- https://jira.atlassian.com/browse/CRUC-8523Issue Tracking, Vendor Advisory
- https://jira.atlassian.com/browse/FE-7387Issue Tracking, Vendor Advisory
- https://jira.atlassian.com/browse/CRUC-8523Issue Tracking, Vendor Advisory
- https://jira.atlassian.com/browse/FE-7387Issue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-43958?
How severe is CVE-2021-43958?
How do I fix CVE-2021-43958?
Are you affected by CVE-2021-43958?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST