CSRF in Plugins Uninstall REST Endpoint - CVE-2019-14999

Description

The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3, and from version 4.0.0 before version 4.0.3 is vulnerable to Cross-Site Request Forgery (CSRF), which allows remote attackers to uninstall plugins through the session of an authenticated administrator.

Environment

None

Testing Notes

None

Security Policy

None

Assignee

Unassigned

Reporter

SecurityB

Team

None

QA Dev

None

Needs Doc

None

Peer Reviewer

None

Mgr Approver

None

CC

None

Product

None

App Key

None

DC app ready for review?

Not Ready

App ID

None

Fix versions

Affects versions

Priority

Major