CPE-82E21632-C9A6-4C13-B24E-6BDC540F8CC1 Detail

CPE Details

Atlassian Application Links 5.3.4

Vendor

atlassian

Product

application_links

Version

5.3.4

Created

2019-05-02
13h19 +00:00

Modified

2019-05-02
13h19 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:atlassian:application_links:5.3.4:::::::*

Informations

Vendor

atlassian

Product

application_links

Version

5.3.4

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2019-20105	2020-03-17 02h40 +00:00	The EditApplinkServlet resource in the Atlassian Application Links plugin before version 5.4.20, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.1, and from version 7.1.0 before version 7.1.3 allows remote attackers who have obtained access to administrator's session to access the EditApplinkServlet resource without needing to re-authenticate to pass "WebSudo" in products that support "WebSudo" through an improper access control vulnerability.	4.9	Medium
CVE-2019-15011	2019-12-17 03h45 +00:00	The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check.	4.3	Medium
CVE-2018-20239	2019-04-30 15h28 +00:00	Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. The product is used as a plugin in various Atlassian products where the following are affected: Confluence before version 6.15.2, Crucible before version 4.7.0, Crowd before version 3.4.3, Fisheye before version 4.7.0, Jira before version 7.13.3 and 8.x before 8.1.0.	5.4	Medium
CVE-2018-5227	2018-04-10 13h00 +00:00	Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the display url of a configured application link.	4.8	Medium

Atlassian Application Links 5.3.4

CPE Details

CPE Name: cpe:2.3:a:atlassian:application_links:5.3.4:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:atlassian:application_links:5.3.4:::::::*