Atlassian Crucible < 4.3.2 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF
Medium Nessus Plugin ID 110773
Synopsis
The version of Atlassian Crucible installed on the remote host is affected by an internal network resource disclosure (CSRF) vulnerability.
Description
According to its self-reported version, the installation of Atlassian Crucible running on the remote host is prior to 4.3.2.
It is, therefore, affected by an internal network resource disclosure (CSRF) vulnerability in the OAuth plugin IconUriServlet.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Crucible 4.3.2 or later.