CVE-2020-4017

The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
atlassianCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
atlassiancrucible
𝑥
< 4.8.1
atlassianfisheye
𝑥
< 4.8.1
𝑥
= Vulnerable software versions
References
https://jira.atlassian.com/browse/CRUC-8470
https://jira.atlassian.com/browse/FE-7286
https://jira.atlassian.com/browse/CRUC-8470
https://jira.atlassian.com/browse/FE-7286