VYPR

Application Links

by Atlassian

CVEs (8)

  • CVE-2017-18096HigApr 4, 2018
    risk 0.47cvss 7.2epss 0.01

    The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access the content of internal network resources via a Server Side Request Forgery (SSRF)…

  • CVE-2017-16860MedMay 14, 2018
    risk 0.40cvss 6.1epss 0.01

    The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability…

  • CVE-2018-5227MedApr 10, 2018
    risk 0.31cvss 4.8epss 0.01

    Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the display url of a configured…

  • CVE-2019-20105Mar 17, 2020
    risk 0.00cvss epss 0.01

    The EditApplinkServlet resource in the Atlassian Application Links plugin before version 5.4.20, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.1, and from version 7.1.0 before version 7.1.3 allows remote…

  • CVE-2019-20100Feb 12, 2020
    risk 0.00cvss epss 0.01

    The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version…

  • CVE-2019-15011Dec 17, 2019
    risk 0.00cvss epss 0.01

    The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to…

  • CVE-2018-20239Apr 30, 2019
    risk 0.00cvss epss 0.03

    Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS)…

  • CVE-2017-18111Mar 29, 2019
    risk 0.00cvss epss 0.02

    The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This allowed malicious oauth…