CVE-2020-4026

MEDIUM

Atlassian Navigator Links < 3.3.23, 4.0.0-4.3.6, 5.0.0, 5.1.0 - Incorrect Authorization in CustomAppsRestResource

Title source: llm

Description

The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check.

References (2)

Core References
https://jira.atlassian.com/browse/FE-7299 (Vendor Advisory, x_refsource_misc)
https://jira.atlassian.com/browse/CRUC-8485 (Vendor Advisory, x_refsource_misc)

Scores

CVSS v3: 4.3
EPSS: 0.0016
EPSS Percentile: 36.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE: CWE-863
Status: published
Products (1): atlassian/navigator_links < 3.3.23
Published: Jun 03, 2020
Tracked Since: Feb 18, 2026