Information disclosure in the listEntityLinks servlet resource - CVE-2019-15011

Description

The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check.

Environment

None

Testing Notes

Add notes...

Assignee

Unassigned

Reporter

David Black

Add-on Type

None

Team

None

CC

None

Risk factor

None

QA Kickoff Status

None

QA Demo Status

None

Fix versions

Priority

Major
Configure