CVE-2018-20233
N/A
N/A
Summary
The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Atlassian | Universal Plugin Manager | unspecified < 2.22.14 | affected |
Weaknesses
- Improper Restriction of XML External Entity Reference ('XXE')
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.