The version of the Application Links plugin used in Bamboo before version 6.8.2 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details.