CVEDB API

Vulnerabilities

Vulnerable Software

Atlassian: >> Universal Plugin Manager >> 1.3.2 Security Vulnerabilities

CVE-2019-14999

The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator.

CVSS Score

4.3

EPSS Score

0.001

Published

2019-08-23

CVE-2018-20233

The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR.

CVSS Score

6.5

EPSS Score

0.008

Published

2019-01-18

CVE-2018-5229

The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names.

CVSS Score

5.4

EPSS Score

0.002

Published

2018-07-16

Page 1

Vulnerabilities

Vulnerable Software

Atlassian: >> Universal Plugin Manager >> 1.3.2 Security Vulnerabilities

Products

Pricing

Contact Us