CVE-2017-14591
CRITICALAtlassian Fisheye/Crucible <4.4.3 & 4.5.0 - Code Injection
Title source: llmDescription
Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software.
References (2)
Core 2
Core References
Issue Tracking, Mitigation, Vendor Advisory x_refsource_confirm
https://confluence.atlassian.com/x/plcGO
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/102194
Scores
CVSS v3
9.0
EPSS
0.0065
EPSS Percentile
71.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-88
Status
published
Products (5)
atlassian/crucible
4.5.0
atlassian/crucible
< 4.4.3
atlassian/fisheye
4.5.0
atlassian/fisheye
< 4.4.3
Atlassian/Fisheye and Crucible
Versions less than 4.4.3 OR version 4.5.0
Published
Nov 29, 2017
Tracked Since
Feb 18, 2026