Lucene search
Atlassian Application Links

7 matches found

CVE
added 2019/12/17 3:45 a.m., 125 views

CVE-2019-15011

The CVE-2019-15011 issue is an information disclosure vulnerability in the Atlassian Application Links plugin: the ListEntityLinksServlet exposes configured application link information to non-admin users due to a missing permissions check. Affected versions include Application Links plugin 5.0.12 and later 5....

CVSS 4.3, AI score 4.2, EPSS 0.00915
CVE
added 2020/03/17 2:40 a.m., 93 views

CVE-2019-20105

CVE-2019-20105 concerns the Atlassian Application Links plugin where the EditApplinkServlet could be accessed without re-authenticating, by attackers with access to an administrator session. This is described as an improper access control vulnerability that bypasses WebSudo in affected products. ...

CVSS 4.9, AI score 5.1, EPSS 0.01487
CVE
added 2019/04/30 3:28 p.m., 89 views

CVE-2018-20239

CVE-2018-20239 involves a cross-site scripting (XSS) flaw in the Application Links plugin’s applinkStartingUrl parameter. The vulnerability affects multiple plugin versions: Application Links before 5.0.11, 5.1.0–before 5.2.10, 5.3.0–before 5.3.6, 5.4.0–before 5.4.12, and 6.0.0–before 6.0.4. It i...

CVSS 5.4, AI score 5.2, EPSS 0.03401
CVE
added 2018/04/04 12:0 p.m., 62 views

CVE-2017-18096

The CVE concerns Atlassian Application Links: the OAuth status REST resource is affected in versions before 5.2.7, 5.3.0 before 5.3.4, and 5.4.0 before 5.4.3. A remote attacker with administrative rights can trigger a Server Side Request Forgery by creating an OAuth application link to a controll...

CVSS 7.2, AI score 6.9, EPSS 0.01212
CVE
added 2018/04/10 1:0 p.m., 56 views

CVE-2018-5227

Vulnerability summary: CVE-2018-5227 affects the Atlassian Application Links plugin. The XSS flaw resides in the display URL of a configured application link, exploitable by remote attackers with administration rights. This affects Atlassian Application Links versions prior to 5.4.4. Impact: Abil...

CVSS 4.8, AI score 4.8, EPSS 0.00635
CVE
added 2019/03/29 2:4 p.m., 52 views

CVE-2017-18111

The CVE-2017-18111 issue affects Atlassian Application Links: the OAuthHelper component. Versions affected include before 5.0.10, 5.1.0 before 5.1.3, and 5.2.0 before 5.2.6. The root cause is an XML document builder that is vulnerable to XML External Entity (XXE) processing when handling a client...

CVSS 8.7, AI score 8.3, EPSS 0.01663
CVE
added 2018/05/14 1:0 p.m., 49 views

CVE-2017-16860

The CVE-2017-16860 issue affects Atlassian Application Links. The invalidRedirectUrl template in Application Links allows remote attackers to inject arbitrary HTML/JavaScript via the redirectUrl parameter in the redirect warning message, leading to cross-site scripting (XSS). Affected versions ar...

CVSS 6.1, AI score 5.9, EPSS 0.00922