[JRASERVER-66748] The bundled Atlassian Universal Plugin Manager plugin had a XSS issue - CVE-2018-5229 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: High (View bug fix roadmap)
Fix Version/s: 7.10.0, 7.9.2, 7.7.4, 7.8.4, 7.6.7
Affects Version/s: 7.6.0, 7.7.0, 7.8.0, 7.9.0
Component/s: UPM (Universal Plugin Manager)
Labels:

Fixed in Long Term Support Release/s:

Download 7.6
Introduced in Version:
7.06
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

The version of the bundled Atlassian Universal Plugin Manager plugin had a cross site scripting vulnerability (XSS). See https://ecosystem.atlassian.net/browse/UPM-5871 for more details.

is related to

BAM-19786 The bundled Atlassian Universal Plugin Manager plugin had a XSS issue - CVE-2018-5229

Closed

CONFSERVER-55237 The bundled Atlassian Universal Plugin Manager plugin had a XSS issue - CVE-2018-5229

Closed

UPM-5871 XSS through user requested add-on names - CVE-2018-5229

Done

was cloned as

BSERV-10606 The bundled Atlassian Universal Plugin Manager plugin had a XSS issue - CVE-2018-5229

Closed

mentioned in: Page Failed to load

relates to: UPM-5806 Loading...; RAID-900 Loading...

(2 relates to)

No work has yet been logged on this issue.

Assignee:: Ignat (Inactive)

Reporter:: David Black

Affected customers:: 0 This affects my team

Watchers:: 2 Start watching this issue

Created:: 07/Feb/2018 10:17 PM

Updated:: 01/Jun/2023 9:08 AM

Resolved:: 09/May/2018 11:18 AM