Back to search
CVE-2020-4026
Published: Jun 2, 2020
Modified: Sep 17, 2024
PUBLISHED
Description
The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check.
| Vendor | Product | Versions |
|---|---|---|
Atlassian | Navigator Links | affected unspecified - < 3.2.23affected 4.0.0 - < unspecifiedaffected unspecified - < 4.3.7affected 5.0.0 - < unspecifiedaffected unspecified - < 5.0.1+2 more versions |
Atlassian | Crucible | affected unspecified - < 4.8.2 |
Atlassian | Fisheye | affected unspecified - < 4.8.2 |
References
https://jira.atlassian.com/browse/FE-7299
x_refsource_MISC
https://jira.atlassian.com/browse/CRUC-8485
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now