Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 7.6.10, 7.7.5, 7.8.5, 7.9.3, 7.10.3, 7.11.3, 7.12.4, 7.13.1
Affects Version/s: 7.12.1
Component/s: Administration - Others, UPM (Universal Plugin Manager)
Labels:

Fixed in Long Term Support Release/s:

Download 7.13, 7.6
Introduced in Version:
7.12
Symptom Severity:
Severity 1 - Critical

The version of the bundled Atlassian Universal Plugin Manager plugin had a XML External Entity vulnerability that allowed remote attackers with system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR. See https://ecosystem.atlassian.net/browse/UPM-5964 for more details.

relates to

BSERV-11037 The bundled Atlassian Universal Plugin Manager plugin had a XXE issue - CVE-2018-20233

Closed

BAM-20026 The bundled Atlassian Universal Plugin Manager plugin had a XXE issue - CVE-2018-20233

Closed

CONFSERVER-56238 The bundled Atlassian Universal Plugin Manager plugin had a XXE issue - CVE-2018-20233

Closed

CRUC-8303 The bundled Atlassian Universal Plugin Manager plugin had a XXE issue - CVE-2018-20233

Closed

FE-7078 The bundled Atlassian Universal Plugin Manager plugin had a XXE issue - CVE-2018-20233

Closed

RAID-1005 Loading...

UPM-5964 Loading...

is related to: UPM-5903 Loading...

mentioned in: Page Loading...

(2 relates to, 1 is related to, 1 mentioned in)

Assignee:: Ignat (Inactive)
Reporter:: Security Metrics Bot
Votes:: 0 Vote for this issue
Watchers:: 5 Start watching this issue

Due:: 02/Oct/2018
Created:: 07/Aug/2018 4:20 AM
Updated:: 22/May/2020 8:23 AM
Resolved:: 27/Nov/2018 12:22 PM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates