First published: Thu Aug 22 2019(Updated: )
The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator.
Credit: security@atlassian.com
Affected Software | Affected Version | How to fix |
---|---|---|
Atlassian Universal Plugin Manager | <2.22.19 | |
Atlassian Universal Plugin Manager | >=3.0.0<3.0.3 | |
Atlassian Universal Plugin Manager | >=4.0.0<4.0.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-14999 has a moderate severity rating due to the potential for remote attackers to uninstall plugins via CSRF.
To fix CVE-2019-14999, you should upgrade to Atlassian Universal Plugin Manager version 2.22.19 or later, or version 3.0.3 or later.
CVE-2019-14999 affects Atlassian Universal Plugin Manager versions prior to 2.22.19, from 3.0.0 to 3.0.2, and from 4.0.0 to 4.0.2.
CVE-2019-14999 is a Cross-Site Request Forgery (CSRF) vulnerability.
CVE-2019-14999 can be exploited by remote attackers with the ability to authenticate as an admin.