CVE-2019-15011: The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version…

medium4.3CVSS 3.1

AVNACLPRLUINSUCLINAN

The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check.

Affected

14 ranges

Vendor	Product	Version range	Fixed in
atlassian	application_links	< 5.0.12	5.0.12
atlassian	application_links	>= 5.1.0 < unspecified	unspecified
atlassian	application_links	>= 5.1.0 < 5.2.11	5.2.11
atlassian	application_links	>= 5.3.0 < unspecified	unspecified
atlassian	application_links	>= 5.3.0 < 5.3.7	5.3.7
atlassian	application_links	>= 5.4.0 < unspecified	unspecified
atlassian	application_links	>= 5.4.0 < 5.4.13	5.4.13
atlassian	application_links	>= 6.0.0 < unspecified	unspecified
atlassian	application_links	>= 6.0.0 < 6.0.5	6.0.5
atlassian	application_links	>= unspecified < 5.0.12	5.0.12
atlassian	application_links	>= unspecified < 5.2.11	5.2.11
atlassian	application_links	>= unspecified < 5.3.7	5.3.7
atlassian	application_links	>= unspecified < 5.4.13	5.4.13
atlassian	application_links	>= unspecified < 6.0.5	6.0.5