Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Atlassian Fisheye和Crucible 安全漏洞
Vulnerability Description
Atlassian FishEye和Crucible都是澳大利亚Atlassian公司的产品。FishEye是一套源代码库深度查看软件。Crucible是一套代码审查工具。 Atlassian Fisheye和Crucible 4.5.1之前版本和4.6.0之前版本中的/rest/review-coverage-chart/1.0/data/<repository_name>/.json resource存在安全漏洞,该漏洞源于程序缺少权限检测。攻击者可利用该漏洞确定库是否存在,并访问该库的统计信息。
CVSS Information
N/A
Vulnerability Type
N/A