CVE-2020-4016

The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
atlassianCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
atlassiancrucible
𝑥
< 4.8.1
atlassianfisheye
𝑥
< 4.8.1
𝑥
= Vulnerable software versions
References
https://jira.atlassian.com/browse/CRUC-8469
https://jira.atlassian.com/browse/FE-7285
https://jira.atlassian.com/browse/CRUC-8469
https://jira.atlassian.com/browse/FE-7285