CVE-2017-18095

The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 (the fixed version 4.5.x) and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to access via an improper authorization vulnerability.

Published: Feb 19, 2018
Updated: Apr 13, 2023
CVE: CVE-2017-18095
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-863

Affected Software
References

Software	From	Fixed in
atlassian / crucible	-	4.5.1

http://www.securityfocus.com/bid/103207
https://jira.atlassian.com/browse/CRUC-8178

Vulnerability Database

289,784

CVE-2017-18095