The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 (the fixed version 4.5.x) and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to access via an improper authorization vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2018-02-19T14:00:00Z
Updated: 2024-09-16T17:28:59.763Z
Reserved: 2018-02-01T00:00:00
Link: CVE-2017-18095
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-02-19T14:29:00.520
Modified: 2024-11-21T03:19:21.053
Link: CVE-2017-18095
Redhat
No data.