CVE-2019-15011

4.3MEDIUM

Key Information:

Vendor: Atlassian
Status: Application Links
Vendor: CVE Published:; 17 December 2019

Summary

The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check.

Affected Version(s)

Application Links < 5.0.12

Application Links 5.1.0

Application Links < 5.2.11

References

https://ecosystem.atlassian.net/browse/APL-1386

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 17, 2019
Vulnerability Reserved
Aug 13, 2019