
Atlassian Crucible

52 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2024-21683 | affected: >= 4.8.0 and < 4.8.15 | CVSS 8.8 HIGH
    This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.
CVE-2022-26137 | affected: < 4.8.10 | CVSS 8.8 HIGH
    A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be
CVE-2022-26136 | affected: < 4.8.10 | CVSS 9.8 CRITICAL
    A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first a
CVE-2021-43958 | affected: < 4.8.9 | CVSS 9.8 CRITICAL
    Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials
CVE-2021-43957 | affected: < 4.8.9 | CVSS 7.5 HIGH
    Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object Ref
CVE-2021-43956 | affected: < 4.8.9 | CVSS 6.1 MEDIUM
    The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to inject arbitrary HTML a
CVE-2021-43955 | affected: < 4.8.9 | CVSS 4.3 MEDIUM
    The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to
CVE-2021-43954 | affected: < 4.8.9 | CVSS 4.3 MEDIUM
    The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add r
CVE-2020-14192 | affected: < 4.8.4 | CVSS 4.3 MEDIUM
    Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure v
CVE-2020-29446 | affected: < 4.8.5 | CVSS 5.3 MEDIUM
    Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object Refer
CVE-2020-29447 | affected: < 4.7.4 | CVSS 4.3 MEDIUM
    Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (D
CVE-2020-14190 | affected: < 4.8.4 | CVSS 7.5 HIGH
    Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex
CVE-2020-14191 | affected: < 4.8.4 | CVSS 7.5 HIGH
    Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Se
CVE-2020-4023 | affected: < 4.8.2 | CVSS 5.4 MEDIUM
    The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HT
CVE-2020-4018 | affected: < 4.8.1 | CVSS 8.8 HIGH
    The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process v
CVE-2020-4017 | affected: < 4.8.1 | CVSS 5.3 MEDIUM
    The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before versio
CVE-2020-4016 | affected: < 4.8.1 | CVSS 5.3 MEDIUM
    The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.
CVE-2020-4015 | affected: < 4.8.1 | CVSS 4.3 MEDIUM
    The /json/fe/activeUserFinder.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view u
CVE-2020-4014 | affected: < 4.8.1 | CVSS 4.3 MEDIUM
    The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove anot
CVE-2020-4013 | affected: < 4.8.1 | CVSS 5.4 MEDIUM
    The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Jav
CVE-2019-15009 | affected: < 4.8.0 | CVSS 4.3 MEDIUM
    The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to rem
CVE-2019-15008 | affected: < 4.7.3 | CVSS 6.1 MEDIUM
    The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to injec
CVE-2019-15007 | affected: < 4.7.3 | CVSS 4.8 MEDIUM
    The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or Jav
CVE-2019-15005 | affected: < 4.7.2 | CVSS 4.3 MEDIUM
    The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic lo
CVE-2018-20239 | affected: < 4.7.0 | CVSS 5.4 MEDIUM
    Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 bef
CVE-2018-20241 | affected: < 4.7.0 | CVSS 5.4 MEDIUM
    The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arb
CVE-2018-20240 | affected: < 4.7.0 | CVSS 4.8 MEDIUM
    The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject a
CVE-2018-13399 | affected: < 4.6.1 | CVSS 7.8 HIGH
    The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privile
CVE-2018-13398 | affected: < 4.5.4 | CVSS 6.5 MEDIUM
    The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify
CVE-2018-13392 | affected: < 4.6.0 | CVSS 6.1 MEDIUM
    Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaSc
CVE-2018-13388 | affected: < 4.5.3 | CVSS 5.4 MEDIUM
    The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary
CVE-2017-16859 | affected: < 4.3.2 | CVSS 6.5 MEDIUM
    The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before
CVE-2018-5228 | affected: < 4.5.3 | CVSS 6.1 MEDIUM
    The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML
CVE-2018-5223 | affected: >= 4.4.0 and < 4.4.6 | CVSS 7.2 HIGH
    Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating
CVE-2017-18094 | affected: >= 4.4.0 and < 4.4.3 | CVSS 4.8 MEDIUM
    Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote atta
CVE-2017-18095 | affected: < 4.5.1 | CVSS 5.3 MEDIUM
    The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 (the fixed version 4.5.x) and before 4.6.0 allows remot
CVE-2017-18093 | affected: >= 4.4.0 and < 4.4.3 | CVSS 4.8 MEDIUM
    Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remo
CVE-2017-18092 | affected: < 4.4.3 | CVSS 5.4 MEDIUM
    The print snippet resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote
CVE-2017-18091 | affected: >= 4.4.0 and < 4.4.3 | CVSS 4.8 MEDIUM
    The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.
CVE-2017-18089 | affected: >= 4.4.0 and < 4.4.3 | CVSS 5.4 MEDIUM
    The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote
CVE-2017-18035 | affected: < 4.5.1 | CVSS 4.3 MEDIUM
    The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 a
CVE-2017-18034 | affected: < 4.5.1 | CVSS 5.4 MEDIUM
    The source browse resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 allows remote attackers that ha
CVE-2017-16861 | affected: < 4.4.5 | CVSS 9.8 CRITICAL
    It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An
CVE-2017-14591 | affected: < 4.4.3 | CVSS 9.0 CRITICAL
    Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames i
CVE-2017-14588 | affected: <= 4.4.1 | CVSS 6.1 MEDIUM
    Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaSc
CVE-2017-14587 | affected: <= 4.4.1 | CVSS 5.4 MEDIUM
    The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject
CVE-2017-9511 | affected: <= 4.4.0 | CVSS 7.5 HIGH
    The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbi
CVE-2017-9512 | affected: <= 4.4.0 | CVSS 7.5 HIGH
    The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to
CVE-2017-9509 | affected: <= 4.4.0 | CVSS 5.4 MEDIUM
    The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or Jav
CVE-2017-9508 | affected: all versions | CVSS 5.4 MEDIUM
    Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaSc
CVE-2017-9507 | affected: <= 4.4.0 | CVSS 5.4 MEDIUM
    The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbi
CVE-2012-2926 | affected: < 2.5.8 | CVSS 9.1 CRITICAL
    Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8,
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin