Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2019-20105

UNKNOWN
Published 2020-03-17T02:40:13.819495Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2019-20105. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

The EditApplinkServlet resource in the Atlassian Application Links plugin before version 5.4.20, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.1, and from version 7.1.0 before version 7.1.3 allows remote attackers who have obtained access to administrator's session to access the EditApplinkServlet resource without needing to re-authenticate to pass "WebSudo" in products that support "WebSudo" through an improper access control vulnerability.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Atlassian

Application Links

Affected Versions:

unspecified 6.0.0 unspecified 7.0.0 unspecified 7.1.0 unspecified
Atlassian

Jira Server and Data Center

Affected Versions:

7.13.8 unspecified 8.4.2 unspecified 8.6.0 unspecified

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-hhrj-8h23-4fr8

Advisory Details

The EditApplinkServlet resource in the Atlassian Application Links plugin before version 5.4.20, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.1, and from version 7.1.0 before version 7.1.3 allows remote attackers who have obtained access to administrator's session to access the EditApplinkServlet resource without needing to re-authenticate to pass "WebSudo" in products that support "WebSudo" through an improper access control vulnerability.

CVSS Scoring

CVSS Score

5.0

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2019-20105
WEB https://ecosystem.atlassian.net/browse/APL-1391
WEB https://jira.atlassian.com/browse/JRASERVER-70526

Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: May 24, 2022

References

https://ecosystem.atlassian.net/browse/APL-1391
https://jira.atlassian.com/browse/JRASERVER-70526
Published: 2020-03-17T02:40:13.819495Z
Last Modified: 2024-09-16T19:25:54.920Z
Copied to clipboard!