← back
CVE-2017-16859

CVE-2017-16859

EPSS 2.5%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 2.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
28 Jun 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command parameter.
Affected products
Atlassian · Fisheye and Crucible

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://jira.atlassian.com/browse/CRUC-8212https://jira.atlassian.com/browse/FE-7061http://www.securityfocus.com/bid/104578