Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 6.12.0
Affects Version/s: CQ-2.6.6
Component/s: Universal Plugin Manager / Manage apps
Labels:

Symptom Severity:
Severity 1 - Critical
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

The version of the bundled Atlassian Universal Plugin Manager plugin had a XML External Entity vulnerability that allowed remote attackers with system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR. See https://ecosystem.atlassian.net/browse/UPM-5964 for more details.

Attachments

Issue Links

is related to

JRASERVER-67723 The bundled Atlassian Universal Plugin Manager plugin had a XXE issue - CVE-2018-20233

Closed

UPM-5903 Loading...

relates to: PSR-126 Loading...; PSR-172 Loading...; UPM-5964 Loading...

Activity

People

Assignee:: Alex Yakovlev (Inactive)

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Due:: 02/Oct/2018

Created:: 07/Aug/2018 4:20 AM

Updated:: 01/Jun/2023 11:50 PM

Resolved:: 30/Aug/2018 11:33 PM