Search criteria
6 vulnerabilities found for Universal Plugin Manager by Atlassian
CVE-2019-14999 (GCVE-0-2019-14999)
Vulnerability from nvd – Published: 2019-08-23 13:49 – Updated: 2024-09-17 02:05
VLAI
Summary
The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator.
Severity
No CVSS data available.
CWE
- Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ecosystem.atlassian.net/browse/UPM-6044 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Universal Plugin Manager |
Affected:
unspecified , < 2.22.19
(custom)
Affected: 3.0.0 , < unspecified (custom) Affected: unspecified , < 3.0.3 (custom) Affected: 4.0.0 , < unspecified (custom) Affected: unspecified , < 4.0.3 (custom) |
Date Public
2019-08-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ecosystem.atlassian.net/browse/UPM-6044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Universal Plugin Manager",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "2.22.19",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
},
{
"lessThan": "3.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThan": "4.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-08-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-23T13:49:47.000Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ecosystem.atlassian.net/browse/UPM-6044"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-08-22T00:00:00",
"ID": "CVE-2019-14999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Universal Plugin Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.22.19"
},
{
"version_affected": "\u003e=",
"version_value": "3.0.0"
},
{
"version_affected": "\u003c",
"version_value": "3.0.3"
},
{
"version_affected": "\u003e=",
"version_value": "4.0.0"
},
{
"version_affected": "\u003c",
"version_value": "4.0.3"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ecosystem.atlassian.net/browse/UPM-6044",
"refsource": "MISC",
"url": "https://ecosystem.atlassian.net/browse/UPM-6044"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2019-14999",
"datePublished": "2019-08-23T13:49:47.751Z",
"dateReserved": "2019-08-13T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:05:32.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20233 (GCVE-0-2018-20233)
Vulnerability from nvd – Published: 2019-01-18 21:00 – Updated: 2024-09-16 22:09
VLAI
Summary
The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR.
Severity
No CVSS data available.
CWE
- Improper Restriction of XML External Entity Reference ('XXE')
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/106661 | vdb-entryx_refsource_BID |
| https://ecosystem.atlassian.net/browse/UPM-5964 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Universal Plugin Manager |
Affected:
unspecified , < 2.22.14
(custom)
|
Date Public
2019-01-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:18.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106661",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106661"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://ecosystem.atlassian.net/browse/UPM-5964"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Universal Plugin Manager",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "2.22.14",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-22T10:57:01.000Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"name": "106661",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106661"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://ecosystem.atlassian.net/browse/UPM-5964"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-01-17T00:00:00",
"ID": "CVE-2018-20233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Universal Plugin Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.22.14"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106661",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106661"
},
{
"name": "https://ecosystem.atlassian.net/browse/UPM-5964",
"refsource": "CONFIRM",
"url": "https://ecosystem.atlassian.net/browse/UPM-5964"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2018-20233",
"datePublished": "2019-01-18T21:00:00.000Z",
"dateReserved": "2018-12-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:09:10.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5229 (GCVE-0-2018-5229)
Vulnerability from nvd – Published: 2018-07-16 13:00 – Updated: 2024-09-17 03:18
VLAI
Summary
The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names.
Severity
No CVSS data available.
CWE
- Cross Site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ecosystem.atlassian.net/browse/UPM-5871 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Universal Plugin Manager |
Affected:
unspecified , < 2.22.9
(custom)
|
Date Public
2018-07-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:42.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://ecosystem.atlassian.net/browse/UPM-5871"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Universal Plugin Manager",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "2.22.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-07-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-16T12:57:01.000Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://ecosystem.atlassian.net/browse/UPM-5871"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-07-16T00:00:00",
"ID": "CVE-2018-5229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Universal Plugin Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.22.9"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ecosystem.atlassian.net/browse/UPM-5871",
"refsource": "CONFIRM",
"url": "https://ecosystem.atlassian.net/browse/UPM-5871"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2018-5229",
"datePublished": "2018-07-16T13:00:00.000Z",
"dateReserved": "2018-01-05T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:18:22.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14999 (GCVE-0-2019-14999)
Vulnerability from cvelistv5 – Published: 2019-08-23 13:49 – Updated: 2024-09-17 02:05
VLAI
Summary
The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator.
Severity
No CVSS data available.
CWE
- Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ecosystem.atlassian.net/browse/UPM-6044 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Universal Plugin Manager |
Affected:
unspecified , < 2.22.19
(custom)
Affected: 3.0.0 , < unspecified (custom) Affected: unspecified , < 3.0.3 (custom) Affected: 4.0.0 , < unspecified (custom) Affected: unspecified , < 4.0.3 (custom) |
Date Public
2019-08-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ecosystem.atlassian.net/browse/UPM-6044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Universal Plugin Manager",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "2.22.19",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
},
{
"lessThan": "3.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThan": "4.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-08-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-23T13:49:47.000Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ecosystem.atlassian.net/browse/UPM-6044"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-08-22T00:00:00",
"ID": "CVE-2019-14999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Universal Plugin Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.22.19"
},
{
"version_affected": "\u003e=",
"version_value": "3.0.0"
},
{
"version_affected": "\u003c",
"version_value": "3.0.3"
},
{
"version_affected": "\u003e=",
"version_value": "4.0.0"
},
{
"version_affected": "\u003c",
"version_value": "4.0.3"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ecosystem.atlassian.net/browse/UPM-6044",
"refsource": "MISC",
"url": "https://ecosystem.atlassian.net/browse/UPM-6044"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2019-14999",
"datePublished": "2019-08-23T13:49:47.751Z",
"dateReserved": "2019-08-13T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:05:32.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20233 (GCVE-0-2018-20233)
Vulnerability from cvelistv5 – Published: 2019-01-18 21:00 – Updated: 2024-09-16 22:09
VLAI
Summary
The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR.
Severity
No CVSS data available.
CWE
- Improper Restriction of XML External Entity Reference ('XXE')
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/106661 | vdb-entryx_refsource_BID |
| https://ecosystem.atlassian.net/browse/UPM-5964 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Universal Plugin Manager |
Affected:
unspecified , < 2.22.14
(custom)
|
Date Public
2019-01-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:18.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106661",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106661"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://ecosystem.atlassian.net/browse/UPM-5964"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Universal Plugin Manager",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "2.22.14",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-22T10:57:01.000Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"name": "106661",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106661"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://ecosystem.atlassian.net/browse/UPM-5964"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-01-17T00:00:00",
"ID": "CVE-2018-20233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Universal Plugin Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.22.14"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106661",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106661"
},
{
"name": "https://ecosystem.atlassian.net/browse/UPM-5964",
"refsource": "CONFIRM",
"url": "https://ecosystem.atlassian.net/browse/UPM-5964"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2018-20233",
"datePublished": "2019-01-18T21:00:00.000Z",
"dateReserved": "2018-12-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:09:10.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5229 (GCVE-0-2018-5229)
Vulnerability from cvelistv5 – Published: 2018-07-16 13:00 – Updated: 2024-09-17 03:18
VLAI
Summary
The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names.
Severity
No CVSS data available.
CWE
- Cross Site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ecosystem.atlassian.net/browse/UPM-5871 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Universal Plugin Manager |
Affected:
unspecified , < 2.22.9
(custom)
|
Date Public
2018-07-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:42.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://ecosystem.atlassian.net/browse/UPM-5871"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Universal Plugin Manager",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "2.22.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-07-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-16T12:57:01.000Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://ecosystem.atlassian.net/browse/UPM-5871"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-07-16T00:00:00",
"ID": "CVE-2018-5229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Universal Plugin Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.22.9"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ecosystem.atlassian.net/browse/UPM-5871",
"refsource": "CONFIRM",
"url": "https://ecosystem.atlassian.net/browse/UPM-5871"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2018-5229",
"datePublished": "2018-07-16T13:00:00.000Z",
"dateReserved": "2018-01-05T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:18:22.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}