cvedb.io
CVE-2017-18095
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2018-02-19T14:29:00.520 · Last modified 2026-06-17T01:12:11.727

Summary

The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 (the fixed version for 4.5.x) and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to access via an improper authorization vulnerability.

Affected products

atlassian — crucible

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.