CVE-2018-20233 - The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remot

CVE-2018-20233

Summary

The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR.

References

Vulnerable Configurations

cpe:2.3:a:atlassian:universal_plugin_manager:1.0:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.0:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.0:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.0:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.6:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.6:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.7.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.7.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.7.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.7.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.7.6:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.7.6:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.7.7:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.7.7:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.7.10:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.7.10:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.8:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.8:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.9:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.9:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.9.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.9.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.9.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.9.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.10:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.10:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.10.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.10.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.10.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.10.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.11:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.11:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.12:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.12:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.12.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.12.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.12.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.12.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.12.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.12.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.12.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.12.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.13.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.13.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.14:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.14:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.14.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.14.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.14.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.14.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.14.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.14.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.14.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.14.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.14.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.14.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.15:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.15:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.15.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.15.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.15.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.15.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.15.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.15.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.16:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.16:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.16.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.16.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.16.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.16.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.16.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.16.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.16.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.16.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.16.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.16.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.17:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.17:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.17.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.17.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.17.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.17.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.17.6:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.17.6:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.17.7:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.17.7:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.17.8:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.17.8:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.17.10:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.17.10:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.17.11:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.17.11:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.17.13:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.17.13:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.17.14:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.17.14:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.17.15:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.17.15:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.17.17:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.17.17:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.18:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.18:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.18.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.18.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.18.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.18.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.18.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.18.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.18.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.18.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.19.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.19.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.19.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.19.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.19.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.19.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.19.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.19.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.19.6:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.19.6:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.20:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.20:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.20.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.20.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.20.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.20.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.20.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.20.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.20.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.20.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.20.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.20.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.20.6:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.20.6:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.20.7:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.20.7:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.21:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.21:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.21.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.21.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.21.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.21.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.21.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.21.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.21.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.21.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.22:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.22:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.22.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.22.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.22.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.22.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.22.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.22.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.22.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.22.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.22.6:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.22.6:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.22.8:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.22.8:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.22.9:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.22.9:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.22.10:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.22.10:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.22.11:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.22.11:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.22.12:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:universal_plugin_manager:2.22.12:*:*:*:*:*:*:*

CVSS

Base:	5.5 (as of 06-02-2019 - 18:15)
Impact:
Exploitability:

CWE

CWE-611

CAPEC

XML External Entities Blowup
This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:N/A:P

refmap via4

bid	106661
confirm	https://ecosystem.atlassian.net/browse/UPM-5964

Last major update

06-02-2019 - 18:15

Published

18-01-2019 - 21:29

Last modified

06-02-2019 - 18:15