CVE-2017-14591

Published: Nov 29, 2017 Last Modified: Apr 20, 2025 EU-VD ID: EUVD-2017-6092 Aliases: GSD-2017-14591

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,0

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: none

Scope: changed

Confidentiality: high

Integrity: high

Availability: high

HIGH 9,3

Source: [email protected]

Access Vector: network

Access Complexity: medium

Authentication: none

Confidentiality: complete

Integrity: complete

Availability: complete

Description

AI Translation Available

Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0065

Percentile

0,7th

Updated

EPSS Score Trend (Last 91 Days)

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Availability Other

Potential Impacts:

Execute Unauthorized Code Or Commands Alter Execution Logic Read Application Data Modify Application Data

Applicable Platforms

Languages: Not Language-Specific, PHP

View CWE Details

Application

Crucible by Atlassian

Product Information

Vendor Atlassian

Product Crucible

Version Range Affected

To 4.4.3 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Fisheye by Atlassian

Product Information

Vendor Atlassian

Product Fisheye

Version 4.5.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:atlassian:fisheye:4.5.0:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Fisheye by Atlassian

Product Information

Vendor Atlassian

Product Fisheye

Version Range Affected

To 4.4.3 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Crucible by Atlassian

Product Information

Vendor Atlassian

Product Crucible

Version 4.5.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:atlassian:crucible:4.5.0:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://confluence.atlassian.com/x/plcGO

Issue Tracking Mitigation Vendor Advisory

https://confluence.atlassian.com/x/plcGO

http://www.securityfocus.com/bid/102194

Third Party Advisory VDB Entry

http://www.securityfocus.com/bid/102194

https://confluence.atlassian.com/x/plcGO

Issue Tracking Mitigation Vendor Advisory

https://confluence.atlassian.com/x/plcGO

http://www.securityfocus.com/bid/102194

Third Party Advisory VDB Entry

http://www.securityfocus.com/bid/102194

CVE-2017-14591

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 91 Days)

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Common Consequences

Applicable Platforms

Crucible by Atlassian

Product Information

Fisheye by Atlassian

Product Information

Fisheye by Atlassian

Product Information

Crucible by Atlassian

Product Information

Iscriviti alla newsletter