Vulnerability Description
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVSS Score
7.8
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Crucible | < 4.6.1 |
| Atlassian | Fisheye | < 4.6.1 |
Related Weaknesses (CWE)
References
- https://jira.atlassian.com/browse/CRUC-8314Issue TrackingVendor Advisory
- https://jira.atlassian.com/browse/FE-7105Issue TrackingVendor Advisory
- https://jira.atlassian.com/browse/CRUC-8314Issue TrackingVendor Advisory
- https://jira.atlassian.com/browse/FE-7105Issue TrackingVendor Advisory
FAQ
What is CVE-2018-13399?
CVE-2018-13399 is a vulnerability with a CVSS score of 7.8 (HIGH). The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
How severe is CVE-2018-13399?
CVE-2018-13399 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-13399?
Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Crucible, Atlassian Fisheye.