Application Links Security Vulnerabilities and Issues — Application Links CVE List

Lucene search

AtlassianApplication Links

7 matches found

CVE•added 2019/12/17 4:15 a.m.•104 views

CVE-2019-15011

The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a mi...

4.3CVSS4.2AI score0.00172EPSS

CVE•added 2020/03/17 3:15 a.m.•79 views

CVE-2019-20105

The EditApplinkServlet resource in the Atlassian Application Links plugin before version 5.4.20, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.1, and from version 7.1.0 before version 7.1.3 allows remote attackers who have o...

4.9CVSS5.1AI score0.00185EPSS

CVE•added 2019/04/30 4:29 p.m.•73 views

CVE-2018-20239

Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the appl...

5.4CVSS5.2AI score0.00407EPSS

CVE•added 2018/04/04 12:29 p.m.•48 views

CVE-2017-18096

The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access the content of internal network resources via a Server Side Request Forgery (SSRF) by creating an OAut...

7.2CVSS6.9AI score0.00078EPSS

CVE•added 2018/04/10 1:29 p.m.•43 views

CVE-2018-5227

Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the display url of a configured application link.

4.8CVSS4.8AI score0.00158EPSS

CVE•added 2019/03/29 2:29 p.m.•41 views

CVE-2017-18111

The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This allowed malicious oauth application linked a...

8.7CVSS8.3AI score0.0007EPSS

CVE•added 2018/05/14 1:29 p.m.•38 views

CVE-2017-16860

The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the redirectUrl p...

6.1CVSS5.9AI score0.00228EPSS