7 matches found
CVE-2019-15011
CVE-2019-15011 is an information disclosure vulnerability in the Atlassian Application Links plugin: the ListEntityLinksServlet exposes configured application link information to non-admin users due to a missing permissions check. Affected versions include Application Links plugin 5.0.12 and later 5....
CVE-2019-20105
CVE-2019-20105 concerns the Atlassian Application Links plugin where the EditApplinkServlet could be accessed without re-authenticating, by attackers with access to an administrator session. This is described as an improper access control vulnerability that bypasses WebSudo in affected products. ...
CVE-2018-20239
CVE-2018-20239 involves a cross-site scripting (XSS) flaw in the Application Links plugin’s applinkStartingUrl parameter. The vulnerability affects multiple plugin versions: Application Links before 5.0.11, from 5.1.0 before 5.2.10, from 5.3.0 before 5.3.6, from 5.4.0 before 5.4.12, and from 6.0.0 before 6.0.4. It i...
CVE-2017-18096
CVE-2017-18096 concerns Atlassian Application Links: the OAuth status REST resource is affected in versions before 5.2.7, 5.3.0 before 5.3.4, and 5.4.0 before 5.4.3. A remote attacker with administrative rights can trigger a Server Side Request Forgery by creating an OAuth application link to a controll...
CVE-2018-5227
Vulnerability summary: CVE-2018-5227 affects the Atlassian Application Links plugin. The XSS flaw resides in the display URL of a configured application link, exploitable by remote attackers with administration rights. This affects Atlassian Application Links versions prior to 5.4.4. Impact: Abil...
CVE-2017-18111
CVE-2017-18111 affects the OAuthHelper component of Atlassian Application Links. Versions affected include before 5.0.10, 5.1.0 before 5.1.3, and 5.2.0 before 5.2.6. The root cause is an XML document builder that is vulnerable to XML External Entity (XXE) processing when handling a client...
CVE-2017-16860
The CVE-2017-16860 issue affects Atlassian Application Links. The invalidRedirectUrl template in Application Links allows remote attackers to inject arbitrary HTML/JavaScript via the redirectUrl parameter in the redirect warning message, leading to cross-site scripting (XSS). Affected versions ar...