167 matches found
CVE-2019-14999
The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery CSRF vulnerability on an authenticated...
CVE-2019-14999
The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery CSRF vulnerability on an authenticated...
CVE-2019-14999
The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery CSRF vulnerability on an authenticated...
CVE-2019-14999
The CVE-2019-14999 vulnerability affects the Atlassian Universal Plugin Manager (UPM) REST uninstall endpoint used by Jira. Versions affected are UPM prior to 2.22.19, 3.0.x prior to 3.0.3, and 4.0.x prior to 4.0.3. The flaw allows an authenticated administrator to be CSRF-triggered to uninstall ...
The bundled Atlassian Universal Plugin Manager plugin had a CSRF issue - CVE-2019-14999
The version of the bundled Atlassian Universal Plugin Manager plugin had a CSRF vulnerability that allowed remote attackers, through an administrator, uninstall plugins through a rest endpoint. See https://ecosystem.atlassian.net/browse/UPM-6044 for more details...
The bundled Atlassian Universal Plugin Manager plugin had a CSRF issue - CVE-2019-14999
The version of the bundled Atlassian Universal Plugin Manager plugin had a CSRF vulnerability that allowed remote attackers, through an administrator, uninstall plugins through a rest endpoint. See https://ecosystem.atlassian.net/browse/UPM-6044 for more details...
Xxe
The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian...
CVE-2018-20233
The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian...
CVE-2018-20233
CVE-2018-20233 concerns the Atlassian Universal Plugin Manager (UPM) plugin bundled with Atlassian products. The vulnerability is an XML External Entity (XXE) issue in the parsing of atlassian plugin XML files inside an uploaded JAR, exploitable by remote attackers who already have system adminis...
CVE-2018-20233
The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian...
Atlassian Jira - (Authenticated) Upload Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Jira Authenticated Upload Code Execution', 'Description' = %q This module can be used to execute a payload on Atlassian Jira via the...
Atlassian Jira Authenticated Upload Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Jira Authenticated Upload Code Execution', 'Description' = %q This module can be used to execute a payload on Atlassian Jira via the...
Atlassian Jira Authenticated Upload Code Execution Exploit
This Metasploit module can be used to execute a payload on Atlassian Jira via the Universal Plugin ManagerUPM. The module requires valid login credentials to an account that has access to the plugin manager. The payload is uploaded as a JAR archive containing a servlet using a POST request agains...
The bundled Atlassian Universal Plugin Manager plugin had a XXE issue - CVE-2018-20233
The version of the bundled Atlassian Universal Plugin Manager plugin had a XML External Entity vulnerability that allowed remote attackers with system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in t...
The bundled Atlassian Universal Plugin Manager plugin had a XXE issue - CVE-2018-20233
The version of the bundled Atlassian Universal Plugin Manager plugin had a XML External Entity vulnerability that allowed remote attackers with system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in t...
The bundled Atlassian Universal Plugin Manager plugin had a XXE issue - CVE-2018-20233
The version of the bundled Atlassian Universal Plugin Manager plugin had a XML External Entity vulnerability that allowed remote attackers with system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in t...
The bundled Atlassian Universal Plugin Manager plugin had a XXE issue - CVE-2018-20233
The version of the bundled Atlassian Universal Plugin Manager plugin had a XML External Entity vulnerability that allowed remote attackers with system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in t...
Atlassian Universal Plugin Manager Cross-Site Scripting Vulnerability
Atlassian Universal Plugin Manager is a set of tools from Atlassian Australia for managing add-ons in Atlassian applications. A cross-site scripting vulnerability exists in the NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager versions prior to 2.22.9. A remote...
CVE-2018-5229
The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of user submitted add-on names...
CVE-2018-5229
The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of user submitted add-on names...