[JRASERVER-66748] The bundled Atlassian Universal Plugin Manager plugin had a XSS issue - CVE-2018-5229 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: High (View bug fix roadmap)
Fix Version/s: 7.10.0, 7.9.2, 7.7.4, 7.8.4, 7.6.7
Affects Version/s: 7.6.0, 7.7.0, 7.8.0, 7.9.0
Component/s: UPM (Universal Plugin Manager)
Labels:

Fixed in Long Term Support Release/s:

Download 7.6
Introduced in Version:
7.06
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

The version of the bundled Atlassian Universal Plugin Manager plugin had a cross site scripting vulnerability (XSS). See https://ecosystem.atlassian.net/browse/UPM-5871 for more details.

is related to

BAM-19786 The bundled Atlassian Universal Plugin Manager plugin had a XSS issue - CVE-2018-5229

Closed

CONFSERVER-55237 The bundled Atlassian Universal Plugin Manager plugin had a XSS issue - CVE-2018-5229

Closed

UPM-5871 XSS through user requested add-on names - CVE-2018-5229

Done

was cloned as

BSERV-10606 The bundled Atlassian Universal Plugin Manager plugin had a XSS issue - CVE-2018-5229

Closed

mentioned in: Page Failed to load

relates to: UPM-5806 Loading...; RAID-900 Loading...

(2 relates to)

Anonymous made changes - 01/Jun/2023 9:08 AM

Remote Link

Original: This issue links to "UPM-5871 (Ecosystem Jira)" [ 377926 ]

New: This issue links to "UPM-5871 (Ecosystem JIRA)" [ 377926 ]

set-jac-bot made changes - 22/May/2020 8:24 AM

Fixed in Enterprise Release/s

New: [Download 7.6|https://confluence.atlassian.com/enterprise/atlassian-enterprise-releases-948227420.html]

Bugfix Automation Bot made changes - 28/Mar/2019 12:24 AM

Minimum Version

New: 7.06

Mila made changes - 05/Feb/2019 3:00 PM

Component/s		New: UPM [ 10870 ]
Component/s	Original: Plugin Manager [ 46079 ]

Owen made changes - 16/Oct/2018 12:48 AM

Workflow	Original: JAC Bug Workflow v2 [ 2848534 ]	New: JAC Bug Workflow v3 [ 2919285 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

Owen made changes - 25/Sep/2018 4:18 AM

Symptom Severity

Original: Major [ 14431 ]

New: Severity 2 - Major [ 15831 ]

Owen made changes - 25/Sep/2018 12:43 AM

Workflow

Original: JIRA Bug Workflow w Kanban v7 - Restricted [ 2598452 ]

New: JAC Bug Workflow v2 [ 2848534 ]

David Black made changes - 23/Jul/2018 6:47 AM

Summary

Original: The bundled Atlassian Universal Plugin Manager plugin had an XSS issue - CVE-2018-5229

New: The bundled Atlassian Universal Plugin Manager plugin had a XSS issue - CVE-2018-5229

David Black made changes - 23/Jul/2018 6:40 AM

Security

Original: Reporter and Atlassian Staff [ 10751 ]

David Black made changes - 23/Jul/2018 6:40 AM

Labels

Original: cvss-high patch-management raid security

New: advisory advisory-released cvss-high patch-management raid security

Assignee:: Ignat (Inactive)

Reporter:: David Black

Affected customers:: 0 This affects my team

Watchers:: 2 Start watching this issue

Created:: 07/Feb/2018 10:17 PM

Updated:: 01/Jun/2023 9:08 AM

Resolved:: 09/May/2018 11:18 AM

Jira Data Center

Details

Description

Attachments

Issue Links

Forms

Activity

[JRASERVER-66748] The bundled Atlassian Universal Plugin Manager plugin had a XSS issue - CVE-2018-5229

People

Dates