Description
The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check.
Affected products
- Atlassian / Application Linksunspecified – 5.0.12
- Atlassian / Application Links5.1.0 – unspecified
- Atlassian / Application Linksunspecified – 5.2.11
- Atlassian / Application Links5.3.0 – unspecified
- Atlassian / Application Linksunspecified – 5.3.7
- Atlassian / Application Links5.4.0 – unspecified
- Atlassian / Application Linksunspecified – 5.4.13
- Atlassian / Application Links6.0.0 – unspecified
- Atlassian / Application Linksunspecified – 6.0.5