Description
The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user email addresses via a information disclosure vulnerability.
Affected products
- Atlassian / Crucibleunspecified – 4.8.1
- Atlassian / Fisheyeunspecified – 4.8.1