- Bug
- Resolution: Fixed
- Low
- 1.0
- Severity 1 - Critical

The version of the Application Links plugin used in Bitbucket Server and Bitbucket Data Center before version 5.16.6, from version 6.0.0 before version 6.0.6, from version 6.1.0 before version 6.1.5, from version 6.2.0 before version 6.2.2, and from version 6.3.0 before version 6.3.1 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details.

- is related to: APL-1386 Information disclosure in the listEntityLinks servlet resource - CVE-2019-15011 (Done)

Form Name |
---|
[BSERV-12103] https://jira.atlassian.com/browse/JRASERVER-70409 for Bitbucket Server
Remote Link | Original: This issue links to "APL-1386 (Ecosystem Jira)" [ 463786 ] | New: This issue links to "APL-1386 (Ecosystem JIRA)" [ 463786 ] |
Labels | Original: advisory advisory-to-release cvss-medium information-disclosure security security-bot-created | New: advisory advisory-released cvss-medium information-disclosure security security-bot-created |
Description | Original: The version of the Application Links plugin used in Bitbucket Server before version 5.16.6, from version 6.0.0 before version 6.0.6, from version 6.1.0 before version 6.1.5, from version 6.2.0 before version 6.2.2, and from version 6.3.0 before version 6.3.1 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details. | New: The version of the Application Links plugin used in Bitbucket Server and Bitbucket Data Center before version 5.16.6, from version 6.0.0 before version 6.0.6, from version 6.1.0 before version 6.1.5, from version 6.2.0 before version 6.2.2, and from version 6.3.0 before version 6.3.1 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details. |
Security | Original: Atlassian Staff [ 10750 ] |
Fix Version/s | New: 6.4.0 [ 86598 ] | |
Fix Version/s | New: 6.3.1 [ 86701 ] | |
Fix Version/s | New: 6.2.2 [ 86700 ] | |
Fix Version/s | New: 6.1.5 [ 86699 ] | |
Fix Version/s | New: 6.0.6 [ 86698 ] | |
Fix Version/s | New: 5.16.6 [ 86697 ] | |
Fix Version/s | Original: 6.0.10 [ 88900 ] |
Description | Original: The version of the Application Links plugin used in Bitbucket Server before version 6.0.10 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details. | New: The version of the Application Links plugin used in Bitbucket Server before version 5.16.6, from version 6.0.0 before version 6.0.6, from version 6.1.0 before version 6.1.5, from version 6.2.0 before version 6.2.2, and from version 6.3.0 before version 6.3.1 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details. |
Fix Version/s | New: 6.0.10 [ 88900 ] |
Description | Original: The version of the Application Links plugin used in Jira Server and Data Center before version allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details. | New: The version of the Application Links plugin used in Bitbucket Server before version 6.0.10 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details. |
Component/s | New: AppLinks [ 34107 ] | |
Component/s | Original: Access Keys [ 26590 ] |
Affects Version/s | New: 1.0 [ 24693 ] | |
Affects Version/s | Original: 6.10.0 [ 90794 ] |