Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 3.3.5, 3.4.4
Affects Version/s: 3.0.5
Component/s: Applications
Labels:

Symptom Severity:
Severity 1 - Critical
Bug Fix Policy:
View Atlassian Server bug fix policy

The version of the Application Links plugin used in Crowd before version 3.3.5, and from version 3.4.0 before version 3.4.4 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details.

relates to

BAM-20745 Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011

Closed

CONFSERVER-59277 Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011

Closed

JRASERVER-70409 Information disclosure in the listEntityLinks servlet resource of the Application links plugin - CVE-2019-15011

Closed

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 17/Dec/2019 4:10 AM

Updated:: 01/Jul/2020 12:49 AM

Resolved:: 17/Dec/2019 4:15 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates