N/A

The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR.

N/A

N/A

Atlassian Universal Plugin Manager 安全漏洞

Atlassian Universal Plugin Manager是澳大利亚Atlassian公司的一套用于管理Atlassian应用程序中的附加组件的工具。 Atlassian Universal Plugin Manager 2.22.14之前版本中存在XML外部实体注入漏洞。远程攻击者可利用该漏洞读取文件，发送网络请求并造成拒绝服务。

N/A

N/A