CVE-2019-14999
Summary
| CVE | CVE-2019-14999 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-08-23 14:15:00 UTC |
| Updated | 2019-08-30 13:51:00 UTC |
| Description | The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator. |
Risk And Classification
Problem Types: CWE-352
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Atlassian | Universal Plugin Manager | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [UPM-6044] CSRF in Plugins Uninstall REST Endpoint - CVE-2019-14999 - Ecosystem Jira | MISC | ecosystem.atlassian.net | Issue Tracking, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |