PT-2012-4374 · Atlassian · Jira Gliffy Plugin+1

Published

2012-05-22

Updated

2022-05-14

CVE-2012-2928

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions Atlassian JIRA Gliffy plugin versions prior to 3.7.1 Atlassian Confluence Gliffy plugin versions prior to 4.2

Description The issue allows remote attackers to read arbitrary files or cause a denial of service due to improper restriction of third-party XML parsers' capabilities.

Recommendations For Atlassian JIRA Gliffy plugin versions prior to 3.7.1, update to version 3.7.1 or later. For Atlassian Confluence Gliffy plugin versions prior to 4.2, update to version 4.2 or later.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2012-2928

Affected Products

Confluence Gliffy Plugin

Jira Gliffy Plugin

PT-2012-4374 · Atlassian · Jira Gliffy Plugin+1

CVE-2012-2928

Weakness Enumeration

Related Identifiers

Affected Products

References · 8