
CVE-2017-18035 : What You Need to Know

Learn about CVE-2017-18035 affecting Atlassian Fisheye and Crucible versions prior to 4.5.1 and 4.6.0. Discover the impact, technical details, and mitigation steps for this improper access control vulnerability.

Atlassian Fisheye and Crucible versions prior to 4.5.1 and 4.6.0 are affected by an improper access control vulnerability that allows remote attackers to view review coverage statistics without proper permissions.

Understanding CVE-2017-18035

This CVE covers a missing permission check in Atlassian's Fisheye and Crucible products.

What is CVE-2017-18035?

The vulnerability in Fisheye and Crucible versions prior to 4.5.1 and 4.6.0 allows unauthorized remote attackers to access review coverage statistics without the necessary repository access.

The Impact of CVE-2017-18035

The lack of proper permission checks in the affected versions enables attackers to discover the presence of repositories and view sensitive review coverage data.

Technical Details of CVE-2017-18035

This section provides more in-depth technical information about the vulnerability.

Vulnerability Description

The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible versions prior to 4.5.1 and 4.6.0 lacks a permissions check, allowing unauthorized access to review coverage statistics.
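The defect described above is a handler that serves data before asking whether the caller may see it. The following added example (not Atlassian's Fisheye/Crucible source, and not code from this page) models that handler beside a hardened one. The repository names, user names, statistics and function names are constructed for the illustration; only the endpoint's shape comes from the advisory. The hardened version also returns one identical response for "no such repository" and "no permission", so the endpoint cannot be used to confirm which repositories exist.

```python
"""Missing-permission-check pattern behind CVE-2017-18035, vulnerable vs. fixed.

Added example code, not Atlassian's source. REPOSITORIES, the users and the
coverage numbers are constructed sample data.
"""
from dataclasses import dataclass, field

# Constructed sample data: which users may read each repository, plus the
# review coverage statistics the endpoint would return for it.
REPOSITORIES = {
    "payments-core": {
        "readers": {"alice", "bob"},
        "coverage": {"reviewed": 812, "unreviewed": 37},
    },
    "internal-tools": {
        "readers": {"alice"},
        "coverage": {"reviewed": 140, "unreviewed": 9},
    },
}


@dataclass
class Response:
    status: int
    body: dict = field(default_factory=dict)


def review_coverage_vulnerable(repo_name, user):
    """Behaviour the advisory describes: the repository is looked up and its
    statistics returned without checking whether `user` may read it.
    `user` is None for an unauthenticated caller. A caller with no access
    learns both that the repository exists (200 vs 404) and its coverage data."""
    repo = REPOSITORIES.get(repo_name)
    if repo is None:
        return Response(404, {"error": "repository not found"})
    return Response(200, repo["coverage"])


def review_coverage_fixed(repo_name, user):
    """Hardened handler: authorise before serving, and give 'unknown repository'
    and 'no permission' the same response so repository names cannot be
    enumerated through this endpoint. An anonymous caller (None) is never a reader."""
    repo = REPOSITORIES.get(repo_name)
    if repo is None or user not in repo["readers"]:
        return Response(404, {"error": "repository not found"})
    return Response(200, repo["coverage"])


if __name__ == "__main__":
    # Anonymous caller against the vulnerable handler: data is served.
    print("vulnerable, anonymous:", review_coverage_vulnerable("payments-core", None))
    # Same request against the fixed handler: indistinguishable from a missing repo.
    print("fixed, anonymous:     ", review_coverage_fixed("payments-core", None))
    print("fixed, reader:        ", review_coverage_fixed("payments-core", "bob"))
```

The point of collapsing the two failure cases into one response is the "discover the presence of repositories" impact named above: a 403 for a real repository and a 404 for a nonexistent one would still leak which names are in use, even after the permission check is added.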

Affected Systems and Versions

        Product: Fisheye and Crucible
        Vendor: Atlassian
        Versions Affected: Prior to 4.5.1 and 4.6.0

Exploitation Mechanism

Attackers without repository access can exploit this vulnerability to identify repositories and access review coverage statistics.

Mitigation and Prevention

Protecting systems from CVE-2017-18035 requires immediate actions and long-term security practices.

Immediate Steps to Take

        Update Fisheye and Crucible to version 4.5.1 or 4.6.0 (or later), which restores the permission check on the review coverage endpoint.
        Monitor access to review coverage statistics for any unauthorized activity.
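One way to do the monitoring step above is to scan the web access log for requests to the review-coverage-chart path from callers who are anonymous or are not readers of the named repository. The following is an added example, not Cloud Defense's or Atlassian's tooling. It assumes a common access-log format with the authenticated user in the third field; the log lines, IP addresses, user names, repository names and the `READERS` permission map are all constructed for the example. It also flags one source touching many distinct repository names, which is the pattern the "identify repositories" impact would produce.

```python
"""Detect unauthorised use of the CVE-2017-18035 review-coverage endpoint in access logs.

Added example, not the vendor's code. Log format, IPs, users, repositories
and READERS are constructed assumptions.
"""
import re
from collections import defaultdict

# Assumed access-log layout: ip ident user [timestamp] "METHOD path proto" status size
ACCESS_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# Path shape from the advisory: /rest/review-coverage-chart/1.0/data/<repository_name>/.json
COVERAGE_PATH = re.compile(r'^/rest/review-coverage-chart/1\.0/data/(?P<repo>[^/]+)/\.json$')

# Constructed permission map: who may read each repository.
READERS = {
    "payments-core": {"alice", "bob"},
    "internal-tools": {"alice"},
}

# Constructed sample log lines.
SAMPLE_LOG = """\
10.0.0.5 - alice [12/Jan/2018:10:15:02 +0000] "GET /rest/review-coverage-chart/1.0/data/payments-core/.json HTTP/1.1" 200 512
203.0.113.9 - - [12/Jan/2018:10:16:40 +0000] "GET /rest/review-coverage-chart/1.0/data/payments-core/.json HTTP/1.1" 200 512
203.0.113.9 - - [12/Jan/2018:10:16:41 +0000] "GET /rest/review-coverage-chart/1.0/data/internal-tools/.json HTTP/1.1" 200 488
203.0.113.9 - - [12/Jan/2018:10:16:42 +0000] "GET /rest/review-coverage-chart/1.0/data/guessed-name/.json HTTP/1.1" 404 97
10.0.0.7 - bob [12/Jan/2018:10:20:11 +0000] "GET /rest/review-coverage-chart/1.0/data/internal-tools/.json HTTP/1.1" 200 488
10.0.0.5 - alice [12/Jan/2018:10:21:00 +0000] "GET /rest/api/1.0/projects HTTP/1.1" 200 2048
"""


def parse_line(line):
    """Split one access-log line into its fields, or return None if it does not match."""
    m = ACCESS_LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def find_unauthorized(log_text, readers=READERS):
    """One finding per coverage-chart request whose caller is anonymous or is
    not a permitted reader of the requested repository. A 200 means the data was
    actually served (the vulnerable behaviour); a 404 still records the probe."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        pm = COVERAGE_PATH.match(rec["path"])
        if pm is None:
            continue  # not the endpoint of interest
        repo = pm.group("repo")
        user = None if rec["user"] == "-" else rec["user"]
        if user is not None and user in readers.get(repo, set()):
            continue  # legitimate reader
        findings.append({
            "ip": rec["ip"],
            "user": user or "anonymous",
            "repo": repo,
            "status": rec["status"],
            "served": rec["status"] == 200,
        })
    return findings


def enumeration_sources(findings, min_repos=3):
    """IPs that requested at least `min_repos` distinct repository names through
    the endpoint: the footprint of someone using it to discover repositories."""
    per_ip = defaultdict(set)
    for f in findings:
        per_ip[f["ip"]].add(f["repo"])
    return {ip for ip, repos in per_ip.items() if len(repos) >= min_repos}


if __name__ == "__main__":
    hits = find_unauthorized(SAMPLE_LOG)
    for h in hits:
        print(h)
    print("possible repository enumeration from:", enumeration_sources(hits))
```

On a patched instance the anonymous requests should no longer return 200, so a 200 in a finding is the strongest signal that the unpatched endpoint served data; the 404 probes remain worth keeping because they show the endpoint being used to test repository names.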

Long-Term Security Practices

        Implement strict access controls and permissions within the Fisheye and Crucible environments.
        Regularly review and audit user permissions to prevent unauthorized access.

Patching and Updates

        Apply security patches and updates provided by Atlassian to address the vulnerability effectively.
