CVE-2021-43958

Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing user credentials for authentication via a improper restriction of excess authentication attempts vulnerability.

Published: Mar 16, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-43958
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-307

Affected Software
References

Software	From	Fixed in
atlassian / crucible	-	4.8.9
atlassian / fisheye	-	4.8.9

https://jira.atlassian.com/browse/CRUC-8523
https://jira.atlassian.com/browse/FE-7387

Vulnerability Database

289,697

CVE-2021-43958