CVE-2020-4026

Summary

The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check.

Affected Software

VendorProductVersion RangeStatus
AtlassianNavigator Linksunspecified < 3.2.23affected
AtlassianNavigator Links4.0.0 < unspecifiedaffected
AtlassianNavigator Linksunspecified < 4.3.7affected
AtlassianNavigator Links5.0.0 < unspecifiedaffected
AtlassianNavigator Linksunspecified < 5.0.1affected
AtlassianNavigator Links5.1.0 < unspecifiedaffected
AtlassianNavigator Linksunspecified < 5.1.1affected
AtlassianCrucibleunspecified < 4.8.2affected
AtlassianFisheyeunspecified < 4.8.2affected

Weaknesses

  • Incorrect Authorization

ADP Enrichment

CVE Program Container

Additional References

References