Is Crucible/Fisheye v4.8.13/4.8.14 vulnerable to CVE-2023-38545?

Kirk Williams February 19, 2024

Our Tenable scan has flagged our recent upgrade to Crucible/Fisheye 4.8.13/4.8.14 for the version of libcurl contained within the x86_64-linux-gnu/libcurl-gnutls.so.4.7.0.

Docker container running on RHEL7.

Flagged files:

  1. /var/lib/docker/overlay2/xxxxx/diff/usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4.7.0
  2. /var/lib/docker/overlay2/xxxxx/merged/usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4.7.0
  3. /var/lib/docker/overlay2/xxxxx/merged/usr/lib/x86_64-linux-gnu/libcurl.so.4.7.0
  4. /var/lib/docker/overlay2/xxxxx/diff/usr/lib/x86_64-linux-gnu/libcurl.so.4.7.0

It is recommended the libcurl version be upgraded from 7.81.0 to 8.4.0.

Is Crucible impacted by this CVE? Will there be an update to the latest image for this issue in the near future?

0 answers

Deployment type: Server
Version: 4.8.14