QwikSec

Security Database

CVE

CWE

Training

CVE-2012-2928

Published: May 22, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17

x_refsource_CONFIRM

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_BID

http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17

x_refsource_CONFIRM

jira-xml-dos(75697)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.