cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2019-20105,https://securityvulnerability.io/vulnerability/CVE-2019-20105,,"The EditApplinkServlet resource in the Atlassian Application Links plugin before version 5.4.20, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.1, and from version 7.1.0 before version 7.1.3 allows remote attackers who have obtained access to administrator's session to access the EditApplinkServlet resource without needing to re-authenticate to pass ""WebSudo"" in products that support ""WebSudo"" through an improper access control vulnerability.",Atlassian,"Application Links,Jira Server And Data Center",4.9,MEDIUM,0.0008999999845400453,false,false,false,false,,false,false,2020-03-17T00:00:00.000Z,0
CVE-2019-20100,https://securityvulnerability.io/vulnerability/CVE-2019-20100,,"The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.2, and from version 7.1.0 before version 7.1.3. The vulnerable plugin is used by Atlassian Jira Server and Data Center before version 8.7.0. An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present.",Atlassian,"Application Links,Jira Server",4.7,MEDIUM,0.001129999989643693,false,false,false,false,,false,false,2020-02-12T14:15:00.000Z,0
CVE-2019-15011,https://securityvulnerability.io/vulnerability/CVE-2019-15011,,"The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check.",Atlassian,Application Links,4.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2019-12-17T00:00:00.000Z,0
CVE-2018-20239,https://securityvulnerability.io/vulnerability/CVE-2018-20239,,"Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. The product is used as a plugin in various Atlassian products where the following are affected: Confluence before version 6.15.2, Crucible before version 4.7.0, Crowd before version 3.4.3, Fisheye before version 4.7.0, Jira before version 7.13.3 and 8.x before 8.1.0.",Atlassian,Atlassian Application Links,5.4,MEDIUM,0.00343999988399446,false,false,false,false,,false,false,2019-04-30T16:29:00.000Z,0
CVE-2017-18111,https://securityvulnerability.io/vulnerability/CVE-2017-18111,,"The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This allowed malicious oauth application linked applications to probe internal network resources by requesting internal locations, read the contents of files and also cause an out of memory exception affecting availability via an XML External Entity vulnerability.",Atlassian,Application Links,8.7,HIGH,0.0014199999859556556,false,false,false,false,,false,false,2019-03-29T14:29:00.000Z,0
CVE-2017-16860,https://securityvulnerability.io/vulnerability/CVE-2017-16860,,"The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the redirectUrl parameter link in the redirect warning message.",Atlassian,Application Links,6.1,MEDIUM,0.0010300000431016088,false,false,false,false,,false,false,2018-05-14T00:00:00.000Z,0
CVE-2018-5227,https://securityvulnerability.io/vulnerability/CVE-2018-5227,,Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the display url of a configured application link.,Atlassian,Atlassian Application Links,4.8,MEDIUM,0.0005499999970197678,false,false,false,false,,false,false,2018-04-10T00:00:00.000Z,0
CVE-2017-18096,https://securityvulnerability.io/vulnerability/CVE-2017-18096,,"The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access the content of internal network resources via a Server Side Request Forgery (SSRF) by creating an OAuth application link to a location they control and then redirecting access from the linked location's OAuth status rest resource to an internal location. When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access credentials and other potentially confidential information.",Atlassian,Atlassian Application Links,7.2,HIGH,0.002950000111013651,false,false,false,false,,false,false,2018-04-04T00:00:00.000Z,0