Permission Check Vulnerability in Application Links by Atlassian
CVE-2019-15011

4.3MEDIUM

Key Information:

Vendor: Atlassian
Status: Application Links
Vendor: CVE Published:; 17 December 2019

Summary

The ListEntityLinksServlet in Atlassian's Application Links is prone to a vulnerability that allows non-admin users to access sensitive application link information due to a lack of proper permission checks in specific versions. This issue affects several versions before updates were released, posing risks of unauthorized information disclosure.

Affected Version(s)

Application Links < 5.0.12

Application Links 5.1.0

Application Links < 5.2.11

References

https://ecosystem.atlassian.net/browse/APL-1386

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 17, 2019
Vulnerability Reserved
Aug 13, 2019