Atlassian Fisheye and Crucible Multiple Vulnerabilities

Atlassian Crucible 2.4.4 and Fisheye 2.4.4 fix several vulnerabilities, including some that allow remote code execution. Exploits are available.

The following versions are vulnerable:
Atlassian Crucible 2.2.3
Atlassian Crucible 2.3.2
Atlassian Crucible 2.3.3
Atlassian Crucible 2.4.3
Atlassian Fisheye 2.2.3
Atlassian Fisheye 2.3.0
Atlassian Fisheye 2.3.1
Atlassian Fisheye 2.3.2
Atlassian Fisheye 2.3.3
Atlassian Fisheye 2.3.4
Atlassian Fisheye 2.3.5
Atlassian Fisheye 2.3.6
Atlassian Fisheye 2.3.7
Atlassian Fisheye 2.4.3

References:
http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2011-01-12
http://confluence.atlassian.com/display/CRUCIBLE/FishEye+and+Crucible+Security+Advisory+2011-01-12

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter (free enterprise vulnerability alert feed): twitter.com/patchmanagement

Share

Leave a Reply