Unauthenticated Access to Sensitive Information in Atlassian Fisheye and Crucible
CVE-2017-9512 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks.
Learn more about our Web Application Penetration Testing UK.