CVE-2019-15011 - OpenCVE

The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Atlassian	Application Links

Configuration 1 [-]

OR	cpe:2.3:a:atlassian:application_links::::::::
	cpe:2.3:a:atlassian:application_links::::::::
	cpe:2.3:a:atlassian:application_links::::::::
	cpe:2.3:a:atlassian:application_links::::::::
	cpe:2.3:a:atlassian:application_links::::::::

References

Link	Resource
https://ecosystem.atlassian.net/browse/APL-1386	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: atlassian

Published: 2019-12-17T00:00:00

Updated: 2019-12-17T03:45:13

Reserved: 2019-08-13T00:00:00

Link: CVE-2019-15011

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-12-17T04:15:11.257

Modified: 2019-12-30T17:45:53.390

Link: CVE-2019-15011

JSON object: View

Redhat Information

No data.

CWE

CWE-276

{"containers": {"cna": {"affected": [{"product": "Application Links", "vendor": "Atlassian", "versions": [{"lessThan": "5.0.12", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "5.1.0", "versionType": "custom"}, {"lessThan": "5.2.11", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "5.3.0", "versionType": "custom"}, {"lessThan": "5.3.7", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "5.4.0", "versionType": "custom"}, {"lessThan": "5.4.13", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "6.0.0", "versionType": "custom"}, {"lessThan": "6.0.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2019-12-17T00:00:00", "descriptions": [{"lang": "en", "value": "The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check."}], "problemTypes": [{"descriptions": [{"description": "Information Exposure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-17T03:45:13", "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ecosystem.atlassian.net/browse/APL-1386"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2019-12-17T00:00:00", "ID": "CVE-2019-15011", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Application Links", "version": {"version_data": [{"version_affected": "<", "version_value": "5.0.12"}, {"version_affected": ">=", "version_value": "5.1.0"}, {"version_affected": "<", "version_value": "5.2.11"}, {"version_affected": ">=", "version_value": "5.3.0"}, {"version_affected": "<", "version_value": "5.3.7"}, {"version_affected": ">=", "version_value": "5.4.0"}, {"version_affected": "<", "version_value": "5.4.13"}, {"version_affected": ">=", "version_value": "6.0.0"}, {"version_affected": "<", "version_value": "6.0.5"}]}}]}, "vendor_name": "Atlassian"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Exposure"}]}]}, "references": {"reference_data": [{"name": "https://ecosystem.atlassian.net/browse/APL-1386", "refsource": "MISC", "url": "https://ecosystem.atlassian.net/browse/APL-1386"}]}}}}, "cveMetadata": {"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "assignerShortName": "atlassian", "cveId": "CVE-2019-15011", "datePublished": "2019-12-17T00:00:00", "dateReserved": "2019-08-13T00:00:00", "dateUpdated": "2019-12-17T03:45:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:*", "matchCriteriaId": "525BCC1A-F1BD-4DA4-9D71-F796699C5C70", "versionEndExcluding": "5.0.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDC745BF-811E-4176-99BD-DC215A540D8A", "versionEndExcluding": "5.2.11", "versionStartIncluding": "5.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB16B01F-FE38-4F7F-A438-522E734E1798", "versionEndExcluding": "5.3.7", "versionStartIncluding": "5.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB7BA4C7-CDF5-4EC3-BA7A-4DDDB220DD72", "versionEndExcluding": "5.4.13", "versionStartIncluding": "5.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFFFAEBE-9D34-4B1F-94AC-FBD319DE245A", "versionEndExcluding": "6.0.5", "versionStartIncluding": "6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check."}, {"lang": "es", "value": "El recurso ListEntityLinksServlet en Application Links en versiones anteriores a la 5.0.12, de la versi\u00f3n 5.1.0 en versiones anteriores a la 5.2.11, de la versi\u00f3n 5.3.0 en versiones anteriores a la 5.3.7, de la versi\u00f3n 5.4.0 en versiones anteriores a la 5.4.13 y de la versi\u00f3n 6.0.0 en versiones anteriores a la 6.0.5 divulg\u00f3 la informaci\u00f3n del enlace de la aplicaci\u00f3n a usuarios no administradores a mediante una verificaci\u00f3n de permisos faltantes."}], "id": "CVE-2019-15011", "lastModified": "2019-12-30T17:45:53.390", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-17T04:15:11.257", "references": [{"source": "security@atlassian.com", "tags": ["Vendor Advisory"], "url": "https://ecosystem.atlassian.net/browse/APL-1386"}], "sourceIdentifier": "security@atlassian.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}]}