PT-2012-4374 · Atlassian · Jira Gliffy Plugin+1
Publicado
2012-05-22
·
Atualizado
2022-05-14
·
CVE-2012-2928
CVSS v2.0
6.4
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Atlassian JIRA Gliffy plugin versions prior to 3.7.1
Atlassian Confluence Gliffy plugin versions prior to 4.2
Description
The issue allows remote attackers to read arbitrary files or cause a denial of service due to improper restriction of third-party XML parsers' capabilities.
Recommendations
For Atlassian JIRA Gliffy plugin versions prior to 3.7.1, update to version 3.7.1 or later.
For Atlassian Confluence Gliffy plugin versions prior to 4.2, update to version 4.2 or later.
Correção
DoS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Confluence Gliffy Plugin
Jira Gliffy Plugin