PT-2019-8260 · Atlassian · Application Links
Published: 2019-03-29 · Updated: 2019-04-01 · CVE-2017-18111
CVSS v3.1: 8.7 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Atlassian Application Links versions 5.0.0 through 5.0.9
Atlassian Application Links versions 5.1.0 through 5.1.2
Atlassian Application Links versions 5.2.0 through 5.2.5
Description
The issue allows a malicious application that is linked via an OAuth application link to probe internal network resources, read the contents of files, and cause an out-of-memory exception affecting availability, all through an XML External Entity (XXE) vulnerability. This occurs because the OAuthHelper in Atlassian Application Links used an XML document builder that was vulnerable to XXE when consuming a client OAuth request.
Recommendations
For versions 5.0.0 through 5.0.9, update to version 5.0.10 or later.
For versions 5.1.0 through 5.1.2, update to version 5.1.3 or later.
For versions 5.2.0 through 5.2.5, update to version 5.2.6 or later.
Fix
XXE
Weakness Enumeration
Related Identifiers
Affected Products
Application Links