Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for navigator_links by atlassian

    CVE-2020-4026 (GCVE-0-2020-4026)

    Vulnerability from nvd – Published: 2020-06-02 23:40 – Updated: 2024-09-17 04:05
    VLAI
    Summary
    The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check.
    Severity
    No CVSS data available.
    CWE
    • Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Navigator Links Affected: unspecified , < 3.2.23 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.7 (custom)
    Affected: 5.0.0 , < unspecified (custom)
    Affected: unspecified , < 5.0.1 (custom)
    Affected: 5.1.0 , < unspecified (custom)
    Affected: unspecified , < 5.1.1 (custom)
    Create a notification for this product.
    Atlassian Crucible Affected: unspecified , < 4.8.2 (custom)
    Create a notification for this product.
    Atlassian Fisheye Affected: unspecified , < 4.8.2 (custom)
    Create a notification for this product.
    Date Public
    2020-06-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:52:20.704Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7299"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8485"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Navigator Links",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.2.23",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "5.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.1.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-06-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect Authorization",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-02T23:40:12.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7299"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8485"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-06-01T00:00:00",
              "ID": "CVE-2020-4026",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Navigator Links",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.2.23"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "5.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.0.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "5.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.1.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/FE-7299",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7299"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8485",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8485"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-4026",
        "datePublished": "2020-06-02T23:40:12.121Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:05:05.012Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4026 (GCVE-0-2020-4026)

    Vulnerability from cvelistv5 – Published: 2020-06-02 23:40 – Updated: 2024-09-17 04:05
    VLAI
    Summary
    The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check.
    Severity
    No CVSS data available.
    CWE
    • Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Navigator Links Affected: unspecified , < 3.2.23 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.7 (custom)
    Affected: 5.0.0 , < unspecified (custom)
    Affected: unspecified , < 5.0.1 (custom)
    Affected: 5.1.0 , < unspecified (custom)
    Affected: unspecified , < 5.1.1 (custom)
    Create a notification for this product.
    Atlassian Crucible Affected: unspecified , < 4.8.2 (custom)
    Create a notification for this product.
    Atlassian Fisheye Affected: unspecified , < 4.8.2 (custom)
    Create a notification for this product.
    Date Public
    2020-06-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:52:20.704Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7299"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8485"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Navigator Links",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.2.23",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "5.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.1.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-06-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect Authorization",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-02T23:40:12.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7299"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8485"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-06-01T00:00:00",
              "ID": "CVE-2020-4026",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Navigator Links",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.2.23"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "5.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.0.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "5.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.1.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/FE-7299",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7299"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8485",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8485"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-4026",
        "datePublished": "2020-06-02T23:40:12.121Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:05:05.012Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }