Description
The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR.
References
- Third Party Advisory, VDB Entry
- Issue Tracking, Vendor Advisory
- Third Party Advisory, VDB Entry
- Issue Tracking, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 2.22.14 (excluding)
cpe:2.3:a:atlassian:universal_plugin_manager:*:*:*:*:*:*:*:*
EPSS: 0.00771 (Low), percentile: 73%
CVSS3: 6.5 Medium
CVSS2: 5.5 Medium
Weaknesses
CWE-611
Related vulnerabilities
CVSS3: 6.5
github
more than 3 years ago
The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR.