The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check.
References
Link | Resource |
---|---|
https://ecosystem.atlassian.net/browse/APL-1386 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: atlassian
Published: 2019-12-17T00:00:00
Updated: 2019-12-17T03:45:13
Reserved: 2019-08-13T00:00:00
Link: CVE-2019-15011
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-12-17T04:15:11.257
Modified: 2019-12-30T17:45:53.390
Link: CVE-2019-15011
JSON object: View
Redhat Information
No data.
CWE