CVE-2020-4026

UNRATED

Description

The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check.

Affected products

Atlassian / Crucibleunspecified – 4.8.2
Atlassian / Fisheyeunspecified – 4.8.2
Atlassian / Navigator Linksunspecified – 4.3.7
Atlassian / Navigator Links5.0.0 – unspecified
Atlassian / Navigator Linksunspecified – 3.2.23
Atlassian / Navigator Links5.1.0 – unspecified
Atlassian / Navigator Linksunspecified – 5.1.1
Atlassian / Navigator Linksunspecified – 5.0.1
Atlassian / Navigator Links4.0.0 – unspecified

References

MISChttps://jira.atlassian.com/browse/FE-7299
MISChttps://jira.atlassian.com/browse/CRUC-8485