CVE-2019-20105 vulnerability in Atlassian Products
Published on March 17, 2020
The EditApplinkServlet resource in the Atlassian Application Links plugin before version 5.4.20, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.1, and from version 7.1.0 before version 7.1.3 allows remote attackers who have obtained access to administrator's session to access the EditApplinkServlet resource without needing to re-authenticate to pass "WebSudo" in products that support "WebSudo" through an improper access control vulnerability.
Products Associated with CVE-2019-20105
stack.watch emails you whenever new vulnerabilities are published in Atlassian Application Links or Atlassian Jira. Just hit a watch button to start following.
Affected Versions
Atlassian Application Links:- Version unspecified and below 5.4.20 is affected.
- Version 6.0.0 and below unspecified is affected.
- Version unspecified and below 6.0.12 is affected.
- Version 7.0.0 and below unspecified is affected.
- Version unspecified and below 7.0.1 is affected.
- Version 7.1.0 and below unspecified is affected.
- Version unspecified and below 7.1.3 is affected.
- Version 7.13.8 and below unspecified is affected.
- Version unspecified and below 7.13.12 is affected.
- Version 8.4.2 and below unspecified is affected.
- Version unspecified and below 8.5.4 is affected.
- Version 8.6.0 and below unspecified is affected.
- Version unspecified and below 8.6.1 is affected.
Exploit Probability
EPSS
0.20%
Percentile
41.70%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.