PT-2012-4372 · Atlassian · Jira+4

Trevor Hartman

Published

2012-05-22

Updated

2021-12-13

CVE-2012-2926

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions Atlassian JIRA versions prior to 5.0.1 Atlassian Confluence versions prior to 3.5.16 Atlassian Confluence versions 4.0 prior to 4.0.7 Atlassian Confluence versions 4.1 prior to 4.1.10 Atlassian FishEye and Crucible versions 2.5 prior to 2.5.8 Atlassian FishEye and Crucible versions 2.6 prior to 2.6.8 Atlassian FishEye and Crucible versions 2.7 prior to 2.7.12 Atlassian Bamboo versions 3.3 prior to 3.3.4 Atlassian Bamboo versions 3.4 prior to 3.4.5 Atlassian Crowd versions 2.0 prior to 2.0.9 Atlassian Crowd versions 2.1 prior to 2.1.2 Atlassian Crowd versions 2.2 prior to 2.2.9 Atlassian Crowd versions 2.3 prior to 2.3.7 Atlassian Crowd versions 2.4 prior to 2.4.1

Description The issue allows remote attackers to read arbitrary files or cause a denial of service due to improper restriction of the capabilities of third-party XML parsers.

Recommendations For Atlassian JIRA versions prior to 5.0.1, update to version 5.0.1 or later. For Atlassian Confluence versions prior to 3.5.16, update to version 3.5.16 or later. For Atlassian Confluence versions 4.0 prior to 4.0.7, update to version 4.0.7 or later. For Atlassian Confluence versions 4.1 prior to 4.1.10, update to version 4.1.10 or later. For Atlassian FishEye and Crucible versions 2.5 prior to 2.5.8, update to version 2.5.8 or later. For Atlassian FishEye and Crucible versions 2.6 prior to 2.6.8, update to version 2.6.8 or later. For Atlassian FishEye and Crucible versions 2.7 prior to 2.7.12, update to version 2.7.12 or later. For Atlassian Bamboo versions 3.3 prior to 3.3.4, update to version 3.3.4 or later. For Atlassian Bamboo versions 3.4 prior to 3.4.5, update to version 3.4.5 or later. For Atlassian Crowd versions 2.0 prior to 2.0.9, update to version 2.0.9 or later. For Atlassian Crowd versions 2.1 prior to 2.1.2, update to version 2.1.2 or later. For Atlassian Crowd versions 2.2 prior to 2.2.9, update to version 2.2.9 or later. For Atlassian Crowd versions 2.3 prior to 2.3.7, update to version 2.3.7 or later. For Atlassian Crowd versions 2.4 prior to 2.4.1, update to version 2.4.1 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2012-2926

Affected Products

Bamboo

Confluence

Crowd

Fisheye/Crucible

Jira

PT-2012-4372 · Atlassian · Jira+4

CVE-2012-2926

Related Identifiers

Affected Products

References · 15