[%22Vendor] The bundled version of Atlassian Navigator Links contained an incorrect authorization check - CVE-2020-4026 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 4.8.2
Affects Version/s: 4.8.1
Component/s: Integrations
Labels:

Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

The bundled version of Atlassian Navigator Links plugin in Atlassian Fisheye before version 4.8.2 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check. Additional details about the issue in the Atlassian Navigator Links plugin can be found below.

The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check.

relates to

FE-7299 The bundled version of Atlassian Navigator Links contained an incorrect authorization check - CVE-2020-4026

Closed

No work has yet been logged on this issue.

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Affected customers:: 0 This affects my team

Watchers:: 1 Start watching this issue

Created:: 02/Jun/2020 6:19 AM

Updated:: 09/Nov/2023 9:44 AM

Resolved:: 02/Jun/2020 6:19 AM

Details

Description

Attachments

Issue Links

Forms

Activity

[CRUC-8485] The bundled version of Atlassian Navigator Links contained an incorrect authorization check - CVE-2020-4026

People

Dates