The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://ecosystem.atlassian.net/browse/APL-1386 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2019-12-17T03:45:14.059031Z
Updated: 2024-09-16T19:50:47.187Z
Reserved: 2019-08-13T00:00:00
Link: CVE-2019-15011
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-12-17T04:15:11.257
Modified: 2024-11-21T04:27:52.183
Link: CVE-2019-15011
Redhat
No data.