Unrated severityNVD Advisory· Published Jan 18, 2019· Updated Sep 16, 2024
CVE-2018-20233
CVE-2018-20233
Description
The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR.
Affected products
2<2.22.14+ 1 more
- (no CPE)range: <2.22.14
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
2- www.securityfocus.com/bid/106661mitrevdb-entryx_refsource_BID
- ecosystem.atlassian.net/browse/UPM-5964mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.