Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 (the fixed version 4.5.x) and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to access via an improper authorization vulnerability.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
Atlassian Crucible 授权问题漏洞
Vulnerability Description
Atlassian Crucible是澳大利亚Atlassian公司的一套代码审查工具。该工具提供审查代码、讨论变化、分享知识和识别缺陷等审查流程。 Atlassian Crucible 4.5.1之前版本中的SnippetRPCServiceImpl类中存在授权问题漏洞。远程攻击者可利用该漏洞对未授权访问的代码片段进行评论。
CVSS Information
N/A
Vulnerability Type
N/A