The version of the bundled Atlassian Universal Plugin Manager plugin had a XML External Entity vulnerability that allowed remote attackers with system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR. See https://ecosystem.atlassian.net/browse/UPM-5964 for more details.
CPE | Name | Operator | Version |
---|---|---|---|
confluence server and data center | le | CQ-2.6.6 | |
confluence server and data center | lt | 6.12.0 |