CVE-2012-2928
6.4
Vector
AV:N/AC:L/Au:N/C:P/I:N/A:P
Exploitability: 10.0 / Impact: 4.9
Source: NVD
Description
The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
Affected (28)
Products: Atlassian: Jira, Confluence Server · Gliffy: Gliffy
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.7 | |
| Version 4.1.9 |
Related CWEs
References (12)
Source: cve@mitre.org
MitigationVendor Advisory
Source: cve@mitre.org
MitigationVendor Advisory
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Timeline
No history available yet.