Information Disclosure Vulnerability in Atlassian Fisheye and Crucible Plugin

Information Disclosure Vulnerability in Atlassian Fisheye and Crucible Plugin

CVE-2020-4017 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability.

Learn more about our Web Application Penetration Testing UK.