cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2019-20105,https://securityvulnerability.io/vulnerability/CVE-2019-20105,Improper Access Control in Atlassian Application Links Plugin,"The Atlassian Application Links plugin contains an improper access control vulnerability in the EditApplinkServlet resource. This issue allows remote attackers who have acquired an administrator session to access critical resources without the need to re-authenticate, circumventing the 'WebSudo' protection. This can lead to unauthorized access and potential exposure of sensitive application data in environments utilizing the affected versions of the plugin.",Atlassian,"Application Links,Jira Server And Data Center",4.9,MEDIUM,0.0008999999845400453,false,,false,false,false,,,false,false,,2020-03-17T00:00:00.000Z,0
CVE-2019-20100,https://securityvulnerability.io/vulnerability/CVE-2019-20100,Cross-Site Request Forgery Vulnerability in Atlassian Application Links Plugin,"The Atlassian Application Links plugin has a vulnerability that allows for cross-site request forgery (CSRF) attacks, affecting various versions of the plugin and its integration with Jira Server and Data Center. An attacker could potentially exploit the vulnerability by tricking an authorized administrator into submitting a malicious HTTP request. This could enable the attacker to access sensitive information, manage hosts, and open ports within the internal network where the Jira Server is deployed, thereby compromising the integrity and confidentiality of the environment.",Atlassian,"Application Links,Jira Server",4.7,MEDIUM,0.00107999995816499,false,,false,false,false,,,false,false,,2020-02-12T14:15:00.000Z,0
CVE-2019-15011,https://securityvulnerability.io/vulnerability/CVE-2019-15011,Permission Check Vulnerability in Application Links by Atlassian,"The ListEntityLinksServlet in Atlassian's Application Links is prone to a vulnerability that allows non-admin users to access sensitive application link information due to a lack of proper permission checks in specific versions. This issue affects several versions before updates were released, posing risks of unauthorized information disclosure.",Atlassian,Application Links,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-12-17T00:00:00.000Z,0
CVE-2018-20239,https://securityvulnerability.io/vulnerability/CVE-2018-20239,Cross-Site Scripting Vulnerability in Atlassian Application Links Plugin,"The Atlassian Application Links plugin, utilized by several Atlassian products, is susceptible to a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary HTML or JavaScript through the applinkStartingUrl parameter. This issue affects numerous products including Confluence, Crucible, Crowd, Fisheye, and Jira, posing a significant security concern for users on the specified versions.",Atlassian,Atlassian Application Links,5.4,MEDIUM,0.00343999988399446,false,,false,false,false,,,false,false,,2019-04-30T16:29:00.000Z,0
CVE-2017-18111,https://securityvulnerability.io/vulnerability/CVE-2017-18111,XML External Entity Vulnerability in Atlassian Application Links,"The OAuthHelper component within Atlassian Application Links prior to version 5.0.10 and specific versions between 5.1.0 and 5.2.6 is susceptible to an XML External Entity (XXE) vulnerability. This flaw arises when processing XML documents from client OAuth requests, allowing attackers to exploit this weakness to probe internal network resources, read sensitive file contents, and potentially trigger out of memory exceptions, compromising system availability.",Atlassian,Application Links,8.7,HIGH,0.0014199999859556556,false,,false,false,false,,,false,false,,2019-03-29T14:29:00.000Z,0
CVE-2017-16860,https://securityvulnerability.io/vulnerability/CVE-2017-16860,,"The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the redirectUrl parameter link in the redirect warning message.",Atlassian,Application Links,6.1,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2018-05-14T00:00:00.000Z,0
CVE-2018-5227,https://securityvulnerability.io/vulnerability/CVE-2018-5227,,Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the display url of a configured application link.,Atlassian,Atlassian Application Links,4.8,MEDIUM,0.0005499999970197678,false,,false,false,false,,,false,false,,2018-04-10T00:00:00.000Z,0
CVE-2017-18096,https://securityvulnerability.io/vulnerability/CVE-2017-18096,,"The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access the content of internal network resources via a Server Side Request Forgery (SSRF) by creating an OAuth application link to a location they control and then redirecting access from the linked location's OAuth status rest resource to an internal location. When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access credentials and other potentially confidential information.",Atlassian,Atlassian Application Links,7.2,HIGH,0.002950000111013651,false,,false,false,false,,,false,false,,2018-04-04T00:00:00.000Z,0