The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:N/A:P
Vendors Products
Gliffy
  • Gliffy
Atlassian
  • Confluence Server
  • Jira

Configuration 1 [-]

AND
cpe:2.3:a:gliffy:gliffy:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:a:gliffy:gliffy:*:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.5:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.6:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:confluence_server:4.1.9:*:*:*:*:*:*:*
References
Link Resource
http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17 Mitigation Vendor Advisory
http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17 Mitigation Vendor Advisory
http://osvdb.org/81993 Broken Link
http://secunia.com/advisories/49166 Vendor Advisory
http://www.securityfocus.com/bid/53595 Broken Link Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/75697 Third Party Advisory VDB Entry
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2012-05-22T15:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2012-05-22T00:00:00

Link: CVE-2012-2928

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2012-05-22T15:55:02.947

Modified: 2022-05-14T03:25:27.250

Link: CVE-2012-2928

JSON object: View

cve-icon Redhat Information

No data.

CWE