CVE-2021-43954

The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability.

Published: Mar 14, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-43954
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
atlassian / crucible	-	4.8.9
atlassian / fisheye	-	4.8.9

https://jira.atlassian.com/browse/CRUC-8520
https://jira.atlassian.com/browse/FE-7384

Vulnerability Database

289,697

CVE-2021-43954