{"api_version":"1","generated_at":"2026-04-23T02:35:18+00:00","cve":"CVE-2019-15011","urls":{"html":"https://cve.report/CVE-2019-15011","api":"https://cve.report/api/cve/CVE-2019-15011.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-15011","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-15011"},"summary":{"title":"CVE-2019-15011","description":"The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check.","state":"PUBLIC","assigner":"security@atlassian.com","published_at":"2019-12-17 04:15:00","updated_at":"2019-12-30 17:45:00"},"problem_types":["CWE-276"],"metrics":[],"references":[{"url":"https://ecosystem.atlassian.net/browse/APL-1386","name":"https://ecosystem.atlassian.net/browse/APL-1386","refsource":"MISC","tags":["Vendor Advisory"],"title":"[APL-1386] Information disclosure in the listEntityLinks servlet resource - CVE-2019-15011 - Ecosystem Jira","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-15011","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15011","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"15011","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"atlassian","cpe5":"application_links","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"15011","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"atlassian","cpe5":"application_links","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2019-15011","qid":"730438","title":"Update TITLE manually (JRASERVER-70409)"},{"cve":"CVE-2019-15011","qid":"730440","title":"Atlassian Jira Server Information Disclosure Vulnerability (JRASERVER-70409)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@atlassian.com","DATE_PUBLIC":"2019-12-17T00:00:00","ID":"CVE-2019-15011","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Application Links","version":{"version_data":[{"version_value":"5.0.12","version_affected":"<"},{"version_value":"5.1.0","version_affected":">="},{"version_value":"5.2.11","version_affected":"<"},{"version_value":"5.3.0","version_affected":">="},{"version_value":"5.3.7","version_affected":"<"},{"version_value":"5.4.0","version_affected":">="},{"version_value":"5.4.13","version_affected":"<"},{"version_value":"6.0.0","version_affected":">="},{"version_value":"6.0.5","version_affected":"<"}]}}]},"vendor_name":"Atlassian"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Information Exposure"}]}]},"references":{"reference_data":[{"url":"https://ecosystem.atlassian.net/browse/APL-1386","refsource":"MISC","name":"https://ecosystem.atlassian.net/browse/APL-1386"}]}},"nvd":{"publishedDate":"2019-12-17 04:15:00","lastModifiedDate":"2019-12-30 17:45:00","problem_types":["CWE-276"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.0.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.0","versionEndExcluding":"5.4.13","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndExcluding":"5.3.7","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1.0","versionEndExcluding":"5.2.11","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:atlassian:application_links:*:*:*:*:*:*:*:*","versionEndExcluding":"5.0.12","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"15011","Ordinal":"154277","Title":"CVE-2019-15011","CVE":"CVE-2019-15011","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"15011","Ordinal":"1","NoteData":"The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"15011","Ordinal":"2","NoteData":"2019-12-16","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"15011","Ordinal":"3","NoteData":"2019-12-16","Type":"Other","Title":"Modified"}]}}}