CVE-2017-14591

Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in…

atlassian·CWE-88·Published 2017-11-29

CVSS

—

EPSS

0.02

KEV

Exploits

cve.orgen

243 chars

Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software.

NVDen

243 chars

NVDes

287 chars

Atlassian Fisheye y Crucible en versiones anteriores a la 4.3 y la versión 4.5.0 son vulnerables a una inyección de argumentos mediante nombres de archivo en repositorios Mercurial. Esto permite que los atacantes ejecuten código arbitrario en un sistema que ejecute el software afectado.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	9.3	8.6	10.0	AV:N/AC:M/Au:N/C:C/I:C/A:C
3.0	Primary	NVD	9.0	2.2	6.0	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H