Vulnerability Details : CVE-2020-29447
Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. The affected versions are before version 4.7.4, and from version 4.8.0 before 4.8.5.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2020-29447
Probability of exploitation activity in the next 30 days: 0.11%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 43 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2020-29447
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
8.0
|
2.9
|
NIST |
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
2.8
|
1.4
|
NIST |
CWE ids for CVE-2020-29447
-
The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-29447
-
https://jira.atlassian.com/browse/CRUC-8505
[CRUC-8505] Sending multiple concurrent file upload requests will permanently break a review - CVE-2020-29447 - Create and track feature requests for Atlassian products.Vendor Advisory
Products affected by CVE-2020-29447
- cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*