3 matches found
CVE-2019-14999
The CVE-2019-14999 vulnerability affects the Atlassian Universal Plugin Manager (UPM) REST uninstall endpoint used by Jira. Versions affected are UPM prior to 2.22.19, 3.0.x prior to 3.0.3, and 4.0.x prior to 4.0.3. The flaw allows an authenticated administrator to be CSRF-triggered to uninstall ...
CVE-2018-5229
The CVE concerns Atlassian Universal Plugin Manager (UPM). The vulnerability is a Cross-Site Scripting (XSS) in the NotificationRepresentationFactoryImpl class that affects UPM versions before 2.22.9, allowing an attacker to inject arbitrary HTML/JavaScript via user-submitted add-on names. Public...
CVE-2018-20233
CVE-2018-20233 concerns the Atlassian Universal Plugin Manager (UPM) plugin bundled with Atlassian products. The vulnerability is an XML External Entity (XXE) issue in the parsing of atlassian plugin XML files inside an uploaded JAR, exploitable by remote attackers who already have system adminis...