Xxe

2019-01-1821:29:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.3%

JSON

The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR.

CPENameOperatorVersion
universal_plugin_managerlt2.22.14

CPE	Name	Operator	Version
	universal_plugin_manager	lt	2.22.14

References

www.securityfocus.com/bid/106661

ecosystem.atlassian.net/browse/UPM-5964