Our Tenable scan has flagged our recent upgrade to Crucible/Fisheye 4.8.13/4.8.14 for containing a Spring Security version prior to 5.5.7 or 5.6.x prior to 5.6.4.
Docker container running on RHEL7.
Flagged file:
/var/lib/docker/overlay2/xxxx/merged/atlassian/apps/crucible/lib/spring-security-core-3.2.5.RELEASE.jar.
It is recommended the version be upgraded from 3.2.5 to 5.5.7.
Is Crucible impacted by this CVE? Will there be an update to the latest image for this issue in the near future?