Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'Application links'
2020-03-17
CVE-2019-20105
CWE-863
The EditApplinkServlet resource in the Atlassian Application Links plugin before version 5.4.20, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.1, and from version 7.1.0 before version 7.1.3 allows remote attackers who have obtained access to administrator's session to access the EditApplinkServlet resource without needing to re-authenticate to pass "WebSudo" in products that support "WebSudo" through an improper access control vulnerability.
2019-12-17
CVE-2019-15011
CWE-276
The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check.
2019-04-30
CVE-2018-20239
CWE-79
Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. The product is used as a plugin in various Atlassian products where the following are affected: Confluence before version 6.15.2, Crucible before version 4.7.0, Crowd before version 3.4.3, Fisheye before version 4.7.0, Jira before version 7.13.3 and 8.x before 8.1.0.
>>>
Vendor:
Atlassian
44
Products
Confluence
JIRA
Fisheye
Bamboo
Crowd
Crucible
Hipchat
Jira core
Jira service desk
Jira integration for hipchat
Bitbucket
Hipchat server
Sourcetree
Oauth
Bitbucket auto unapprove plugin
Bitbucket server
Floodlight controller
Cloudtoken
Crowd2
Application links
Universal plugin manager
Jira service desk server
Troubleshooting and support
Saml single sign on
Subversion application lifecycle management
Jira software data center
Companion
Navigator links
Data center
Editor-core
Alfresco enterprise content management
Connect express
Connect spring boot
Floodlight
Jira server and data center
Jira service management
Confluence data center
Confluence server
Bitbucket data center
Jira data center
Jira server
Assets discovery data server
Assets discovery data center
Assets discovery cloud
Copyright
2024
, cxsecurity.com
Back to Top
Vulnerabilities for 'Application links' 