CVE-2017-18095

MEDIUM

Atlassian Crucible < 4.5.1 - Unauthenticated Improper Authorization in SnippetRPCServiceImpl


Description

The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 (the fixed version for 4.5.x) and before 4.6.0 allows remote attackers to comment on snippets they are not authorized to access, due to an improper authorization vulnerability.

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103207
Vendor Advisory x_refsource_confirm
https://jira.atlassian.com/browse/CRUC-8178

Scores

CVSS v3 5.3
EPSS 0.0021
EPSS Percentile 42.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-863
Status published
Products (1)
atlassian/crucible < 4.5.1
Published Feb 19, 2018
Tracked Since Feb 18, 2026