Uploaded image for project: 'FishEye'
  1. FishEye
  2. FE-7299

The bundled version of Atlassian Navigator Links contained an incorrect authorization check - CVE-2020-4026

    XMLWordPrintable

Details

    Description

      The bundled version of Atlassian Navigator Links plugin in Atlassian Fisheye before version 4.8.2 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check. Additional details about the issue in the Atlassian Navigator Links plugin can be found below.

      The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. CRUC-8485 The bundled version of Atlassian Navigator Links contained an incorrect authorization check - CVE-2020-4026

          • Medium - Medium priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: