CVE-2019-20105 in Application Links Plugininfo

Zusammenfassung

von MITRE

The EditApplinkServlet resource in the Atlassian Application Links plugin before version 5.4.20, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.1, and from version 7.1.0 before version 7.1.3 allows remote attackers who have obtained access to administrator's session to access the EditApplinkServlet resource without needing to re-authenticate to pass "WebSudo" in products that support "WebSudo" through an improper access control vulnerability.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

30.12.2019

Moderieren

akzeptiert

Eintrag

VDB-151686

CPE

bereit

CWE

CWE-863 (bestätigt)

CVSS

4.9 (NVD)

EPSS

0.01487

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2019-20105
NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-20105
CVE Details	https://www.cvedetails.com/cve/CVE-2019-20105/

◂ Zurück Übersicht Weiter ▸

Do you need the next level of professionalism?

Upgrade your account now!