Search criteria
2 vulnerabilities found for Navigator Links by Atlassian
CVE-2020-4026 (GCVE-0-2020-4026)
Vulnerability from cvelistv5 – Published: 2020-06-02 23:40 – Updated: 2024-09-17 04:05
VLAI?
Summary
The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check.
Severity ?
No CVSS data available.
CWE
- Incorrect Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Atlassian | Navigator Links |
Affected:
unspecified , < 3.2.23
(custom)
Affected: 4.0.0 , < unspecified (custom) Affected: unspecified , < 4.3.7 (custom) Affected: 5.0.0 , < unspecified (custom) Affected: unspecified , < 5.0.1 (custom) Affected: 5.1.0 , < unspecified (custom) Affected: unspecified , < 5.1.1 (custom) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/FE-7299"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CRUC-8485"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Navigator Links",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "3.2.23",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThan": "4.3.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
},
{
"lessThan": "5.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1.0",
"versionType": "custom"
},
{
"lessThan": "5.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Crucible",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "4.8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Fisheye",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "4.8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-02T23:40:12",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/FE-7299"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/CRUC-8485"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2020-06-01T00:00:00",
"ID": "CVE-2020-4026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Navigator Links",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.2.23"
},
{
"version_affected": "\u003e=",
"version_value": "4.0.0"
},
{
"version_affected": "\u003c",
"version_value": "4.3.7"
},
{
"version_affected": "\u003e=",
"version_value": "5.0.0"
},
{
"version_affected": "\u003c",
"version_value": "5.0.1"
},
{
"version_affected": "\u003e=",
"version_value": "5.1.0"
},
{
"version_affected": "\u003c",
"version_value": "5.1.1"
}
]
}
},
{
"product_name": "Crucible",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.8.2"
}
]
}
},
{
"product_name": "Fisheye",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.8.2"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/FE-7299",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/FE-7299"
},
{
"name": "https://jira.atlassian.com/browse/CRUC-8485",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CRUC-8485"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2020-4026",
"datePublished": "2020-06-02T23:40:12.121427Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T04:05:05.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4026 (GCVE-0-2020-4026)
Vulnerability from nvd – Published: 2020-06-02 23:40 – Updated: 2024-09-17 04:05
VLAI?
Summary
The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check.
Severity ?
No CVSS data available.
CWE
- Incorrect Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Atlassian | Navigator Links |
Affected:
unspecified , < 3.2.23
(custom)
Affected: 4.0.0 , < unspecified (custom) Affected: unspecified , < 4.3.7 (custom) Affected: 5.0.0 , < unspecified (custom) Affected: unspecified , < 5.0.1 (custom) Affected: 5.1.0 , < unspecified (custom) Affected: unspecified , < 5.1.1 (custom) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/FE-7299"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CRUC-8485"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Navigator Links",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "3.2.23",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThan": "4.3.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
},
{
"lessThan": "5.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1.0",
"versionType": "custom"
},
{
"lessThan": "5.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Crucible",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "4.8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Fisheye",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "4.8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-02T23:40:12",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/FE-7299"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/CRUC-8485"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2020-06-01T00:00:00",
"ID": "CVE-2020-4026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Navigator Links",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.2.23"
},
{
"version_affected": "\u003e=",
"version_value": "4.0.0"
},
{
"version_affected": "\u003c",
"version_value": "4.3.7"
},
{
"version_affected": "\u003e=",
"version_value": "5.0.0"
},
{
"version_affected": "\u003c",
"version_value": "5.0.1"
},
{
"version_affected": "\u003e=",
"version_value": "5.1.0"
},
{
"version_affected": "\u003c",
"version_value": "5.1.1"
}
]
}
},
{
"product_name": "Crucible",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.8.2"
}
]
}
},
{
"product_name": "Fisheye",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.8.2"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/FE-7299",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/FE-7299"
},
{
"name": "https://jira.atlassian.com/browse/CRUC-8485",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CRUC-8485"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2020-4026",
"datePublished": "2020-06-02T23:40:12.121427Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T04:05:05.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}