CVE-2019-14999

2019-08-2313:49:47

atlassian

www.cve.org

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

32.4%

JSON

The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator.

CNA Affected

[
  {
    "product": "Universal Plugin Manager",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "2.22.19",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "3.0.0",
        "versionType": "custom"
      },
      {
        "lessThan": "3.0.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "4.0.0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.0.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

ecosystem.atlassian.net/browse/UPM-6044