
Atlassian Crucible Server 3.9.x < 3.9.2 Multiple Vulnerabilities

Medium

Synopsis

The remote Crucible server is affected by multiple attack vectors.

Description

Versions of Crucible 3.9.x prior to 3.9.2 are affected by multiple vulnerabilities:

- An unspecified flaw may allow an attacker to bypass Cross-Site Request Forgery (CSRF) protection mechanisms and conduct CSRF attacks. No further details have been provided by the vendor. (OSVDB 132108)
- A flaw exists that is triggered when handling HTTP requests containing newline characters. This may allow a remote attacker to inject forged content into log files. (OSVDB 132180)
- A flaw exists in the REST API that may allow a remote attacker to gain unauthorized access to a review of the patch list and the contents of patches. (OSVDB 132357)
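The second item describes log injection: when a request-derived value containing a carriage return or line feed is written into a log verbatim, the text after the line break appears as a separate, fabricated log entry. The following is an added illustration of the defensive pattern behind the fix, not code from Crucible, Atlassian or this advisory; the field names, the `format_access_line` helper and the sample User-Agent value are constructed for the example.

```python
"""Added example (not Crucible's code): neutralising control characters in
request-derived values before they are written to an application log, so one
HTTP request cannot fabricate additional log entries."""
import re

# Characters that can start a new log line or alter how a line is displayed:
# CR, LF, the remaining C0 control characters, and DEL.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def sanitize_for_log(value: str) -> str:
    """Return `value` with every control character replaced by an escaped form.

    A newline becomes the two literal characters '\\n', so anything placed
    after it stays inside the original entry instead of becoming an entry
    of its own. Other control characters become '\\xNN'.
    """
    def _escape(match: re.Match) -> str:
        ch = match.group(0)
        return {"\r": "\\r", "\n": "\\n", "\t": "\\t"}.get(ch, "\\x%02x" % ord(ch))

    return _CONTROL.sub(_escape, value)


def format_access_line(client_ip: str, method: str, path: str, user_agent: str) -> str:
    """Build one access-log line, sanitising every field taken from the request.

    Hypothetical log format used only for this example.
    """
    return "{} {} {} ua={}".format(
        sanitize_for_log(client_ip),
        sanitize_for_log(method),
        sanitize_for_log(path),
        sanitize_for_log(user_agent),
    )


# Constructed sample input: a User-Agent header value that carries CR/LF
# followed by text shaped like a second log entry.
FORGED_UA = "Mozilla/5.0\r\n203.0.113.9 GET /login ua=curl"


def demo() -> dict:
    """Compare a naive write with the sanitised write for the constructed input.

    Returns the number of physical lines each version would occupy in the log
    and the sanitised line itself.
    """
    naive = "192.0.2.1 GET /review ua={}".format(FORGED_UA)
    safe = format_access_line("192.0.2.1", "GET", "/review", FORGED_UA)
    return {
        "naive_lines": naive.count("\n") + 1,   # 2: the forged entry got its own line
        "safe_lines": safe.count("\n") + 1,     # 1: the whole value stays on one line
        "safe": safe,
    }


if __name__ == "__main__":
    result = demo()
    print("naive write occupies", result["naive_lines"], "log lines")
    print("sanitised write occupies", result["safe_lines"], "log line:")
    print(result["safe"])
```

The same escaping should be applied at the logging boundary rather than in individual call sites, and a log pipeline can flag entries that contain the escaped sequences `\r` or `\n` inside a header field as a sign that someone attempted this.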

Solution

Upgrade to Crucible version 3.9.2 or later.