FishEye 2.2 : Severity Levels for Security Issues
This page last changed on Nov 13, 2009 by edawson.

Severity Levels

Atlassian security advisories include a severity level, rating the vulnerability as one of the following:
Below is a summary of the factors which we use to decide on the severity level, and the implications for your installation.

Severity Level: Critical

We classify a vulnerability as critical if most or all of the following are true:

Severity Level: High

We give a high severity level to those vulnerabilities which have the potential to become critical, but have one or more mitigating factors that make exploitation less attractive to attackers. For example, given a vulnerability which has many characteristics of the critical severity level, we would give it a level of high if any of the following are true:
Note: If the mitigating factor arises from a lack of technical details, the severity level would be elevated to critical if those details later became available. If your installation is mission-critical, you may want to treat this as a critical vulnerability.

Severity Level: Moderate

We give a moderate severity level to those vulnerabilities where the scales are slightly tipped in favour of the potential victim. The following vulnerabilities are typically rated moderate:

Severity Level: Low

We give a low severity level to those vulnerabilities which, by themselves, typically have very little impact on an organisation's infrastructure. Exploitation of such vulnerabilities usually requires local or physical system access. Exploitation may result in client-side privacy or denial of service issues and leakage of information about organisational structure, system configuration and versions, or network topology.

Further reading

See How to Get Legendary Support from Atlassian for more support-related information.

Document generated by Confluence on Feb 18, 2010 23:51