Atlassian JIRA < 7.13.12 / 8.x < 8.5.4 / 8.6.x < 8.6.1 'Atlassian Application Links' Plugin Privilege Escalation

According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is before 7.13.12, or 8.x before 8.5.4, or 8.6.x before 8.6.1. It is, therefore, affected by an improper authorization check related to the Atlassian Application Links plugin that allows ...

Atlassian JIRA < 8.4.2 Information disclosure in Application links plugin

According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is 8.4.x prior to 8.4.2. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability in the listEntityLinks servlet resource of the Application links...

Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011

The version of the Application Links plugin used in Fisheye before version 4.7.1 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details...

Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011

The version of the Application Links plugin used in Crucible before version 4.7.1 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details...

Information disclosure in the listEntityLinks servlet resource - CVE-2019-15011

The version of the Application Links plugin used in Crowd before version 3.3.5, and from version 3.4.0 before version 3.4.4 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for mor...

Information disclosure in the listEntityLinks servlet resource - CVE-2019-15011

The version of the Application Links plugin used in Crowd before version 3.3.5, and from version 3.4.0 before version 3.4.4 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for mor...

Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011

The version of the Application Links plugin used in Confluence before version 6.13.6, from version 6.14.0 before version 6.15.5, and from version 7.0.0 before 7.0.1 allows remote attackers to obtain information about configured application links via a missing permissions check. See...

Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011

The version of the Application Links plugin used in Confluence before version 6.13.6, from version 6.14.0 before version 6.15.5, and from version 7.0.0 before 7.0.1 allows remote attackers to obtain information about configured application links via a missing permissions check. See...