CVE-2017-14591
CRITICALAtlassian Fisheye/Crucible <4.4.3 & 4.5.0 - Code Injection
Title source: llmDescription
Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software.
Scores
CVSS v3
9.0
EPSS
0.0065
EPSS Percentile
70.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Classification
CWE
CWE-88
Status
draft
Affected Products (4)
atlassian/crucible
< 4.4.3
atlassian/crucible
atlassian/fisheye
< 4.4.3
atlassian/fisheye
Timeline
Published
Nov 29, 2017
Tracked Since
Feb 18, 2026