Unauthorized Enumeration of Linked Applications in Atlassian Navigator Links

CVE-2020-4026 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check.
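
The affected ranges above, turned into a version check for triaging a plugin inventory. This is an added example, not Atlassian's code or part of the original advisory. The function names, hostnames and versions in the sample inventory are constructed, and any version string that is not a plain dotted number is reported as unknown for manual review.

```python
import re

# Affected ranges transcribed from the advisory text as (introduced, fixed):
# introduced is inclusive, fixed is exclusive, None means no lower bound.
AFFECTED_RANGES = [
    (None, "3.3.23"),
    ("4.0.0", "4.3.7"),
    ("5.0.0", "5.0.1"),
    ("5.1.0", "5.1.1"),
]

def parse_version(text):
    """Turn '4.3.6' into (4, 3, 6); pad short forms so '5.1' equals '5.1.0'."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,2}", text):
        raise ValueError(f"unsupported version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version):
    """True if the Navigator Links version falls in any affected range."""
    v = parse_version(version)
    for introduced, fixed in AFFECTED_RANGES:
        above_floor = introduced is None or v >= parse_version(introduced)
        if above_floor and v < parse_version(fixed):
            return True
    return False

def triage(inventory):
    """Map each host in a {host: version} dict to affected, fixed or unknown."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "fixed"
        except ValueError:
            # Qualifiers such as '-m01' are not ordered here; review by hand.
            result[host] = "unknown"
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "jira-a.example.internal": "3.3.22",
    "wiki-b.example.internal": "4.3.7",
    "jira-c.example.internal": "5.1.0",
    "wiki-d.example.internal": "5.0.1-m01",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```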
