Описание
The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
Ссылки
- MitigationVendor Advisory
- MitigationVendor Advisory
- Broken Link
- Vendor Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- MitigationVendor Advisory
- MitigationVendor Advisory
- Broken Link
- Vendor Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 3.7 (включая)Версия до 5.0.0 (включая)
Одновременно
cpe:2.3:a:gliffy:gliffy:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
Конфигурация 2Версия до 3.7 (включая)
Одновременно
Одно из
cpe:2.3:a:gliffy:gliffy:*:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.5:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.6:*:*:*:*:*:*:*
cpe:2.3:a:gliffy:gliffy:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:confluence_server:4.1.9:*:*:*:*:*:*:*
EPSS
Процентиль: 82%
0.0193
Низкий
6.4 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
около 3 лет назад
The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
EPSS
Процентиль: 82%
0.0193
Низкий
6.4 Medium
CVSS2
Дефекты
CWE-264