{"containers": {"cna": {"affected": [{"product": "Application Links", "vendor": "Atlassian", "versions": [{"lessThan": "5.0.12", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "5.1.0", "versionType": "custom"}, {"lessThan": "5.2.11", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "5.3.0", "versionType": "custom"}, {"lessThan": "5.3.7", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "5.4.0", "versionType": "custom"}, {"lessThan": "5.4.13", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "6.0.0", "versionType": "custom"}, {"lessThan": "6.0.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2019-12-17T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check."}], "problemTypes": [{"descriptions": [{"description": "Information Exposure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-17T03:45:13.000Z", "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ecosystem.atlassian.net/browse/APL-1386"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2019-12-17T00:00:00", "ID": "CVE-2019-15011", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Application Links", "version": {"version_data": [{"version_affected": "<", "version_value": "5.0.12"}, {"version_affected": ">=", "version_value": "5.1.0"}, {"version_affected": "<", "version_value": "5.2.11"}, {"version_affected": ">=", "version_value": "5.3.0"}, {"version_affected": "<", "version_value": "5.3.7"}, {"version_affected": ">=", "version_value": "5.4.0"}, {"version_affected": "<", "version_value": "5.4.13"}, {"version_affected": ">=", "version_value": "6.0.0"}, {"version_affected": "<", "version_value": "6.0.5"}]}}]}, "vendor_name": "Atlassian"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Exposure"}]}]}, "references": {"reference_data": [{"name": "https://ecosystem.atlassian.net/browse/APL-1386", "refsource": "MISC", "url": "https://ecosystem.atlassian.net/browse/APL-1386"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:34:53.139Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ecosystem.atlassian.net/browse/APL-1386"}]}]}, "cveMetadata": {"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "assignerShortName": "atlassian", "cveId": "CVE-2019-15011", "datePublished": "2019-12-17T03:45:14.059Z", "dateReserved": "2019-08-13T00:00:00.000Z", "dateUpdated": "2024-09-16T19:50:47.187Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:*", "matchCriteriaId": "525BCC1A-F1BD-4DA4-9D71-F796699C5C70", "versionEndExcluding": "5.0.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDC745BF-811E-4176-99BD-DC215A540D8A", "versionEndExcluding": "5.2.11", "versionStartIncluding": "5.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB16B01F-FE38-4F7F-A438-522E734E1798", "versionEndExcluding": "5.3.7", "versionStartIncluding": "5.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB7BA4C7-CDF5-4EC3-BA7A-4DDDB220DD72", "versionEndExcluding": "5.4.13", "versionStartIncluding": "5.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFFFAEBE-9D34-4B1F-94AC-FBD319DE245A", "versionEndExcluding": "6.0.5", "versionStartIncluding": "6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check."}, {"lang": "es", "value": "El recurso ListEntityLinksServlet en Application Links en versiones anteriores a la 5.0.12, de la versi\u00f3n 5.1.0 en versiones anteriores a la 5.2.11, de la versi\u00f3n 5.3.0 en versiones anteriores a la 5.3.7, de la versi\u00f3n 5.4.0 en versiones anteriores a la 5.4.13 y de la versi\u00f3n 6.0.0 en versiones anteriores a la 6.0.5 divulg\u00f3 la informaci\u00f3n del enlace de la aplicaci\u00f3n a usuarios no administradores a mediante una verificaci\u00f3n de permisos faltantes."}], "id": "CVE-2019-15011", "lastModified": "2024-11-21T04:27:52.183", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-17T04:15:11.257", "references": [{"source": "security@atlassian.com", "tags": ["Vendor Advisory"], "url": "https://ecosystem.atlassian.net/browse/APL-1386"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://ecosystem.atlassian.net/browse/APL-1386"}], "sourceIdentifier": "security@atlassian.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}