Vulnerability Description
Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Crucible | < 4.4.3 |
| Atlassian | Fisheye | < 4.4.3 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/102194Third Party AdvisoryVDB Entry
- https://confluence.atlassian.com/x/plcGOIssue TrackingMitigationVendor Advisory
- http://www.securityfocus.com/bid/102194Third Party AdvisoryVDB Entry
- https://confluence.atlassian.com/x/plcGOIssue TrackingMitigationVendor Advisory
FAQ
What is CVE-2017-14591?
CVE-2017-14591 is a vulnerability with a CVSS score of 9.0 (CRITICAL). Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code...
How severe is CVE-2017-14591?
CVE-2017-14591 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-14591?
Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Crucible, Atlassian Fisheye.