CVE-2020-4026

Severity: 4.3 MEDIUM
EPSS: 0.2% (top 63.52%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 3; Latest update May 24

Description

The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (4 packages)

CVEListV5 | atlassian/navigator_links | unspecified | 3.2.23 | +6
NVD | atlassian/navigator_links | 4.0.0 | 4.3.7 | +3
CVEListV5 | atlassian/fisheye | unspecified | 4.8.2
CVEListV5 | atlassian/crucible | unspecified | 4.8.2

Vulnerability Details (2)

GHSA | GHSA-5x3c-hcgh-mgxq: The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3 | 2022-05-24
CVEList | CVE-2020-4026: The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3 | 2020-06-02