32 matches found
EUVD-2018-12799
Malware in sbrugna...
EUVD-2018-17012
Malware in sbrugna...
EUVD-2019-6087
Malware in sbrugna...
Unvalidated redirects in UPM via reverse tabnapping
Affected versions of Atlassian Jira Server and Data Center allow an authenticated attacker to redirect a user to a malicious website via an unvalidated redirect vulnerability in some Universal Plugin Manager pages, e.g. "Manage apps" and "Find new apps". Affected versions: version 7.13.16 7.14.0 ...
CVE-2019-14999
The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery CSRF vulnerability on an authenticated...
CVE-2019-14999
The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery CSRF vulnerability on an authenticated...
CVE-2019-14999
The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery CSRF vulnerability on an authenticated...
CVE-2019-14999
The CVE-2019-14999 vulnerability affects the Atlassian Universal Plugin Manager (UPM) REST uninstall endpoint used by Jira. Versions affected are UPM prior to 2.22.19, 3.0.x prior to 3.0.3, and 4.0.x prior to 4.0.3. The flaw allows an authenticated administrator to be CSRF-triggered to uninstall ...
The bundled Atlassian Universal Plugin Manager plugin had a CSRF issue - CVE-2019-14999
The version of the bundled Atlassian Universal Plugin Manager plugin had a CSRF vulnerability that allowed remote attackers, through an administrator, uninstall plugins through a rest endpoint. See https://ecosystem.atlassian.net/browse/UPM-6044 for more details...
The bundled Atlassian Universal Plugin Manager plugin had a CSRF issue - CVE-2019-14999
The version of the bundled Atlassian Universal Plugin Manager plugin had a CSRF vulnerability that allowed remote attackers, through an administrator, uninstall plugins through a rest endpoint. See https://ecosystem.atlassian.net/browse/UPM-6044 for more details...
Xxe
The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian...
CVE-2018-20233
The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian...
CVE-2018-20233
CVE-2018-20233 concerns the Atlassian Universal Plugin Manager (UPM) plugin bundled with Atlassian products. The vulnerability is an XML External Entity (XXE) issue in the parsing of atlassian plugin XML files inside an uploaded JAR, exploitable by remote attackers who already have system adminis...
CVE-2018-20233
The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian...
Atlassian Jira - (Authenticated) Upload Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Jira Authenticated Upload Code Execution', 'Description' = %q This module can be used to execute a payload on Atlassian Jira via the...
Atlassian Jira Authenticated Upload Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Jira Authenticated Upload Code Execution', 'Description' = %q This module can be used to execute a payload on Atlassian Jira via the...
Atlassian Jira Authenticated Upload Code Execution Exploit
This Metasploit module can be used to execute a payload on Atlassian Jira via the Universal Plugin ManagerUPM. The module requires valid login credentials to an account that has access to the plugin manager. The payload is uploaded as a JAR archive containing a servlet using a POST request agains...
The bundled Atlassian Universal Plugin Manager plugin had a XXE issue - CVE-2018-20233
The version of the bundled Atlassian Universal Plugin Manager plugin had a XML External Entity vulnerability that allowed remote attackers with system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in t...
The bundled Atlassian Universal Plugin Manager plugin had a XXE issue - CVE-2018-20233
The version of the bundled Atlassian Universal Plugin Manager plugin had a XML External Entity vulnerability that allowed remote attackers with system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in t...
The bundled Atlassian Universal Plugin Manager plugin had a XXE issue - CVE-2018-20233
The version of the bundled Atlassian Universal Plugin Manager plugin had a XML External Entity vulnerability that allowed remote attackers with system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in t...