Details
-
Bug
-
Resolution: Fixed
-
Medium
-
None
-
Severity 1 - Critical
-
Description
The version of the bundled Atlassian Universal Plugin Manager plugin had a XML External Entity vulnerability that allowed remote attackers with system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR. See https://ecosystem.atlassian.net/browse/UPM-5964 for more details.
Attachments
Issue Links
- is related to
-
JRASERVER-67723 The bundled Atlassian Universal Plugin Manager plugin had a XXE issue - CVE-2018-20233
- Closed
-
UPM-5903 Loading...
-
BDEV-14706 Loading...
- discovered while testing
-
BDEV-14621 Loading...
- mentioned in
-
Page Loading...
- relates to
-
UPM-5964 Loading...