Atlassian FishEye < 4.3.2 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF
Medium Nessus Plugin ID 110774
Synopsis
The version of Atlassian FishEye installed on the remote host is affected by an internal network resource disclosure (CSRF) vulnerability.
Description
According to its self-reported version, the installation of Atlassian FishEye running on the remote host is prior to 4.3.2.
It is, therefore, affected by an internal network resource disclosure (CSRF) vulnerability in the OAuth plugin IconUriServlet.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to FishEye 4.3.2 or later.