The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR.
References
| Link | Resource |
|---|---|
| http://www.securityfocus.com/bid/106661 | Third Party Advisory VDB Entry |
| https://ecosystem.atlassian.net/browse/UPM-5964 | Issue Tracking Vendor Advisory |
| http://www.securityfocus.com/bid/106661 | Third Party Advisory VDB Entry |
| https://ecosystem.atlassian.net/browse/UPM-5964 | Issue Tracking Vendor Advisory |
Configurations
History
21 Nov 2024, 04:01
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://www.securityfocus.com/bid/106661 - Third Party Advisory, VDB Entry | |
| References | () https://ecosystem.atlassian.net/browse/UPM-5964 - Issue Tracking, Vendor Advisory |
Information
Published : 2019-01-18 21:29
Updated : 2024-11-21 04:01
NVD link : CVE-2018-20233
Mitre link : CVE-2018-20233
CVE.ORG link : CVE-2018-20233
JSON object : View
Products Affected
atlassian
- universal_plugin_manager
CWE
CWE-611
Improper Restriction of XML External Entity Reference