Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing user credentials for authentication via a improper restriction of excess authentication attempts vulnerability.
History

Mon, 07 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: atlassian

Published: 2022-03-16T00:55:19.574907Z

Updated: 2024-10-04T18:55:11.181Z

Reserved: 2021-11-16T00:00:00

Link: CVE-2021-43958

cve-icon Vulnrichment

Updated: 2024-08-04T04:10:17.148Z

cve-icon NVD

Status : Modified

Published: 2022-03-16T01:15:07.950

Modified: 2024-11-21T06:30:05.290

Link: CVE-2021-43958

cve-icon Redhat

No data.