CVE-2019-20105 in Application Links Plugininformação

Sumário

de MITRE

The EditApplinkServlet resource in the Atlassian Application Links plugin before version 5.4.20, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.1, and from version 7.1.0 before version 7.1.3 allows remote attackers who have obtained access to administrator's session to access the EditApplinkServlet resource without needing to re-authenticate to pass "WebSudo" in products that support "WebSudo" through an improper access control vulnerability.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservar

30/12/2019

Moderação

aceite

Entrada

VDB-151686

CPE

pronto

CWE

CWE-863 (confirmado)

CVSS

4.9 (NVD)

EPSS

0.01487

KEV

não

Atividades

muito baixo

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2019-20105
NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-20105
CVE Details	https://www.cvedetails.com/cve/CVE-2019-20105/

◂ Voltar Visão Geral Próximo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!