CVE-2019-20105 in Application Links Plugininformazioni

Riassunto

di MITRE

The EditApplinkServlet resource in the Atlassian Application Links plugin before version 5.4.20, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.1, and from version 7.1.0 before version 7.1.3 allows remote attackers who have obtained access to administrator's session to access the EditApplinkServlet resource without needing to re-authenticate to pass "WebSudo" in products that support "WebSudo" through an improper access control vulnerability.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

30/12/2019

Moderazione

accettato

Voce

VDB-151686

CPE

pronto

CWE

CWE-863 (confermato)

CVSS

4.9 (NVD)

EPSS

0.01487

KEV

Attività

molto basso

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2019-20105
NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-20105
CVE Details	https://www.cvedetails.com/cve/CVE-2019-20105/

◂ Precedente Visione D'ensemble Il prossimo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!