-
Bug
-
Resolution: Fixed
-
Medium
-
None
-
None
-
Severity 1 - Critical
-
The version of the bundled Atlassian Application Links plugin was vulnerable to XSS. See https://ecosystem.atlassian.net/browse/APL-1361 for more details.
- is related to
-
JRASERVER-66827 The bundled Atlassian Application Links plugin had various XSS issues - CVE-2018-5227
-
- Closed
-
-
APL-1361 XSS in various administrative application link resources through the display url of a configured application link - CVE-2018-5227
- Done
-
APL-1356 Failed to load
This is an independent assessment and you should evaluate its applicability to your own IT environment.
CVSS v3 score: 6.8 => Medium severity
Exploitability Metrics
Scope Metric
Impact Metrics
https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H