CVE-2019-15011

Summary

The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check.

Affected Software

VendorProductVersion RangeStatus
AtlassianApplication Linksunspecified < 5.0.12affected
AtlassianApplication Links5.1.0 < unspecifiedaffected
AtlassianApplication Linksunspecified < 5.2.11affected
AtlassianApplication Links5.3.0 < unspecifiedaffected
AtlassianApplication Linksunspecified < 5.3.7affected
AtlassianApplication Links5.4.0 < unspecifiedaffected
AtlassianApplication Linksunspecified < 5.4.13affected
AtlassianApplication Links6.0.0 < unspecifiedaffected
AtlassianApplication Linksunspecified < 6.0.5affected

Weaknesses

  • Information Exposure

ADP Enrichment

CVE Program Container

Additional References

References