CVE-2021-43954

The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability.
References
Link Resource
https://jira.atlassian.com/browse/CRUC-8520 Issue Tracking Vendor Advisory
https://jira.atlassian.com/browse/FE-7384 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-03-14 02:15

Updated : 2024-02-28 19:09


NVD link : CVE-2021-43954

Mitre link : CVE-2021-43954

CVE.ORG link : CVE-2021-43954


JSON object : View

Products Affected

atlassian

  • fisheye
  • crucible
CWE
CWE-918

Server-Side Request Forgery (SSRF)