CVE-2017-18095

CVE-2017-18095

Vendor Atlassian

Product Crucible

Weakness CWE-863 · Incorrect authorization

Published February 19, 2018

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 (the fixed version 4.5.x) and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to access via an improper authorization vulnerability.

Key dates

02Disclosure timeline

February 19, 2018 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-18095 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

Identifiers

CVE CVE-2017-18095

CWE CWE-863

Affected versions

Vendor Atlassian

Product Crucible

Affected prior to 4.5.1

Vendor Atlassian

Product Crucible

Affected prior to 4.6.0

01Description

02Disclosure timeline

03References

04Related CVE