CVE-2019-15011

The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check.

Link	Resource
https://ecosystem.atlassian.net/browse/APL-1386	Vendor Advisory

Configuration 1

cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:* cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:* cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:* cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:* cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:*

---

Published : 2019-12-17 04:15

Updated : 2019-12-30 05:45

---

NVD link : CVE-2019-15011

Mitre link : CVE-2019-15011

No products.

CWE-276

Incorrect Default Permissions