The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check.
References
Link | Resource |
---|---|
https://jira.atlassian.com/browse/CRUC-8485 | Vendor Advisory |
https://jira.atlassian.com/browse/FE-7299 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2020-06-03 00:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-4026
Mitre link : CVE-2020-4026
CVE.ORG link : CVE-2020-4026
JSON object : View
Products Affected
atlassian
- navigator_links
CWE
CWE-863
Incorrect Authorization