GCVE - cpe:2.3:a:atlassian:universal_plugin_manager:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:atlassian:universal_plugin_manager:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Atlassian (`8acde0d4-2b83-5bd8-8d3f-60d59e0b022e`)
Product	Universal Plugin Manager (`99cec9ee-4684-564f-b350-fdd7e77120e7`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-14999`	vulnerable	2026-06-03 14:39:46.944510	Details available The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator. Published: 2019-08-23T13:49:47.751Z Updated: 2024-09-17T02:05:32.904Z Open on db.gcve.eu Reference links https://ecosystem.atlassian.net/browse/UPM-6044	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-5229`	vulnerable	2026-06-03 14:38:57.280030	Details available The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names. Published: 2018-07-16T13:00:00.000Z Updated: 2024-09-17T03:18:22.247Z Open on db.gcve.eu Reference links https://ecosystem.atlassian.net/browse/UPM-5871	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-20233`	vulnerable	2026-06-03 14:38:38.789682	Details available The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR. Published: 2019-01-18T21:00:00.000Z Updated: 2024-09-16T22:09:10.800Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/106661 https://ecosystem.atlassian.net/browse/UPM-5964	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.