CVE-2019-14999

Summary

The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator.

Affected Software

VendorProductVersion RangeStatus
AtlassianUniversal Plugin Managerunspecified < 2.22.19affected
AtlassianUniversal Plugin Manager3.0.0 < unspecifiedaffected
AtlassianUniversal Plugin Managerunspecified < 3.0.3affected
AtlassianUniversal Plugin Manager4.0.0 < unspecifiedaffected
AtlassianUniversal Plugin Managerunspecified < 4.0.3affected

Weaknesses

  • Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

References