Lucene search

Security-metrics-botFE-7346

HistoryFeb 03, 2021 - 10:45 p.m.

Update application links to 5.4.23 to fix CVE-2020-5398

2021-02-0322:45:35

security-metrics-bot

jira.atlassian.com

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

0.625 Medium

EPSS

Percentile

97.9%

JSON

Affected versions of Atlassian FishEye and Crucible allow remote attackers to view sensitive information via an Information Disclosure vulnerability in a vulnerable version of the Application Links component.

The affected versions are before version 4.8.6.

Affected versions:

version < 4.8.6

Fixed versions:

4.8.6

Affected configurations

Vulners

Node

atlassianfisheyeRange≤4.7.0

atlassianfisheyeRange≤4.8.0

atlassianfisheyeRange<4.8.6

CPENameOperatorVersion
fisheyele4.7.0
fisheyele4.8.0
fisheyelt4.8.6

Name	Operator	Version
fisheye	le	4.7.0
fisheye	le	4.8.0
fisheye	lt	4.8.6

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

0.625 Medium

EPSS

Percentile

97.9%

JSON

Related for FE-7346