CVE-2019-14999

EUVD-2019-6087
The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Affected Products (NVD)
VendorProductVersion
atlassianuniversal_plugin_manager
𝑥
< 2.22.19
atlassianuniversal_plugin_manager
3.0.0 ≤
𝑥
< 3.0.3
atlassianuniversal_plugin_manager
4.0.0 ≤
𝑥
< 4.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://ecosystem.atlassian.net/browse/UPM-6044
https://ecosystem.atlassian.net/browse/UPM-6044