CVE-2018-20233

Name of the Vulnerable Software and Affected Versions: Atlassian Universal Plugin Manager version prior to 2.22.14

Description: The issue allows remote attackers with system administrator privileges to read files, make network requests, and perform a denial of service attack. This is due to an XML External Entity vulnerability in the parsing of Atlassian plugin XML files in an uploaded JAR.

Recommendations: For versions prior to 2.22.14, update to version 2.22.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the Upload add-on resource to minimize the risk of exploitation.