CVE-2021-43954

The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability.
References
Link Resource
https://jira.atlassian.com/browse/CRUC-8520 Issue Tracking Vendor Advisory
https://jira.atlassian.com/browse/FE-7384 Issue Tracking Vendor Advisory
https://jira.atlassian.com/browse/CRUC-8520 Issue Tracking Vendor Advisory
https://jira.atlassian.com/browse/FE-7384 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:30

Type Values Removed Values Added
References () https://jira.atlassian.com/browse/CRUC-8520 - Issue Tracking, Vendor Advisory () https://jira.atlassian.com/browse/CRUC-8520 - Issue Tracking, Vendor Advisory
References () https://jira.atlassian.com/browse/FE-7384 - Issue Tracking, Vendor Advisory () https://jira.atlassian.com/browse/FE-7384 - Issue Tracking, Vendor Advisory

Information

Published : 2022-03-14 02:15

Updated : 2024-11-21 06:30


NVD link : CVE-2021-43954

Mitre link : CVE-2021-43954

CVE.ORG link : CVE-2021-43954


JSON object : View

Products Affected

atlassian

  • fisheye
  • crucible
CWE
CWE-918

Server-Side Request Forgery (SSRF)