CSRF in Atlassian Application Links plugin allows network enumeration - CVE-2019-20100

Description

The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into issuing crafted HTTP requests, which would allow the attacker to enumerate hosts and open ports on the internal network where a server running this plugin is present.

The following versions of the plugin are affected:

  • Versions before 5.4.21
  • 6.0.x before 6.0.12
  • 6.1.x before 6.1.2
  • 7.0.x before 7.0.2
  • 7.1.x before 7.1.3

Assignee

Unassigned

Reporter

SecurityB

Priority

Major