CVE-2012-2926

Name of the Vulnerable Software and Affected Versions Atlassian JIRA versions prior to 5.0.1 Atlassian Confluence versions prior to 3.5.16 Atlassian Confluence versions 4.0 prior to 4.0.7 Atlassian Confluence versions 4.1 prior to 4.1.10 Atlassian FishEye and Crucible versions 2.5 prior to 2.5.8 Atlassian FishEye and Crucible versions 2.6 prior to 2.6.8 Atlassian FishEye and Crucible versions 2.7 prior to 2.7.12 Atlassian Bamboo versions 3.3 prior to 3.3.4 Atlassian Bamboo versions 3.4 prior to 3.4.5 Atlassian Crowd versions 2.0 prior to 2.0.9 Atlassian Crowd versions 2.1 prior to 2.1.2 Atlassian Crowd versions 2.2 prior to 2.2.9 Atlassian Crowd versions 2.3 prior to 2.3.7 Atlassian Crowd versions 2.4 prior to 2.4.1

Description The issue allows remote attackers to read arbitrary files or cause a denial of service due to improper restriction of the capabilities of third-party XML parsers.

Recommendations For Atlassian JIRA versions prior to 5.0.1, update to version 5.0.1 or later. For Atlassian Confluence versions prior to 3.5.16, update to version 3.5.16 or later. For Atlassian Confluence versions 4.0 prior to 4.0.7, update to version 4.0.7 or later. For Atlassian Confluence versions 4.1 prior to 4.1.10, update to version 4.1.10 or later. For Atlassian FishEye and Crucible versions 2.5 prior to 2.5.8, update to version 2.5.8 or later. For Atlassian FishEye and Crucible versions 2.6 prior to 2.6.8, update to version 2.6.8 or later. For Atlassian FishEye and Crucible versions 2.7 prior to 2.7.12, update to version 2.7.12 or later. For Atlassian Bamboo versions 3.3 prior to 3.3.4, update to version 3.3.4 or later. For Atlassian Bamboo versions 3.4 prior to 3.4.5, update to version 3.4.5 or later. For Atlassian Crowd versions 2.0 prior to 2.0.9, update to version 2.0.9 or later. For Atlassian Crowd versions 2.1 prior to 2.1.2, update to version 2.1.2 or later. For Atlassian Crowd versions 2.2 prior to 2.2.9, update to version 2.2.9 or later. For Atlassian Crowd versions 2.3 prior to 2.3.7, update to version 2.3.7 or later. For Atlassian Crowd versions 2.4 prior to 2.4.1, update to version 2.4.1 or later.