Atlassian Application Links vulnerabilities
3 known vulnerabilities affecting atlassian/atlassian_application_links.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2018-20239MEDIUMCVSS 5.4≥ unspecified, < 5.0.11≥ 5.1.0, < unspecified+7 more2019-04-30
CVE-2018-20239 [MEDIUM] CWE-79 CVE-2018-20239: Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before
Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. The product is used as a pl
cvelistv5nvd
CVE-2018-5227MEDIUMCVSS 4.8≥ unspecified, < 5.4.42018-04-10
CVE-2018-5227 [MEDIUM] CWE-79 CVE-2018-5227: Various administrative application link resources in Atlassian Application Links before version 5.4.
Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the display url of a configured application link.
cvelistv5nvd
CVE-2017-18096HIGHCVSS 7.2≥ unspecified, < 5.2.7≥ 5.3.0, < unspecified+3 more2018-04-04
CVE-2017-18096 [HIGH] CWE-918 CVE-2017-18096: The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 befor
The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access the content of internal network resources via a Server Side Request Forgery (SSRF) by creating an OAuth application link to a location they control and then
cvelistv5nvd