Vulnerability in Atlassian Confluence_server
CVE-2012-2928
The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of…
EPSS: 0.019 (83.7th percentile)
Affected products
- Atlassian Confluence_server — versions 4.1.9
- Atlassian Jira
- Gliffy — versions 1.0.1, 2.0.0, 2.0.1
References
- 49166 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- cve@mitre.org (x_refsource_CONFIRM, Mitigation, Vendor Advisory)
- 81993 (x_refsource_OSVDB, vdb-entry, Broken Link)
- 53595 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID, Broken Link)
- jira-xml-dos(75697) (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_XF)