CVE-2012-2926

Published: May 22, 2012Modified: Apr 29, 2026

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

Affected (17)

Products: Atlassian: Bamboo, Confluence, Confluence Server, Crowd, Crucible, Fisheye, Jira

7 products

Confluence Server

Configuration A

17 vulnerable

Vulnerable Software	Affected Versions
Atlassian Bamboo	Before 3.3.4
Atlassian Bamboo	From 3.4 to 3.4.5
Atlassian Confluence	Before 3.5.16
Atlassian Confluence Server	From 4.0 to 4.0.7
Atlassian Confluence Server	From 4.1 to 4.1.10
Atlassian Crowd	Before 2.0.9
Atlassian Crowd	From 2.1 to 2.1.2
Atlassian Crowd	From 2.2.0 to 2.2.9
Atlassian Crowd	From 2.3.0 to 2.3.7
Atlassian Crowd	From 2.4.0 to 2.4.1
Atlassian Crucible	Before 2.5.8
Atlassian Crucible	From 2.6 to 2.6.8
Atlassian Crucible	From 2.7 to 2.7.12
Atlassian Fisheye	Before 2.5.8
Atlassian Fisheye	From 2.6 to 2.6.8
Atlassian Fisheye	From 2.7 to 2.7.12
Atlassian Jira	Before 5.0.1

References (20)

http://confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17

Source: cve@mitre.org

PatchVendor Advisory

http://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17

Source: cve@mitre.org

PatchVendor Advisory

http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17

Source: cve@mitre.org

PatchVendor Advisory

http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17

Source: cve@mitre.org

PatchVendor Advisory

http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17

Source: cve@mitre.org

PatchVendor Advisory

http://osvdb.org/81993

Source: cve@mitre.org

Broken Link

http://secunia.com/advisories/49146

Source: cve@mitre.org

Not Applicable

http://www.securityfocus.com/bid/53595

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/75682

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/75697

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://osvdb.org/81993

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://secunia.com/advisories/49146

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

http://www.securityfocus.com/bid/53595

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/75682

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/75697

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.