CVE-2012-2928
published 2012-05-22CVE-2012-2928: The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML…
medium6.4CVSS 3.1
AVNACLAuNCPINAP
The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | confluence_server | — | — |
| atlassian | jira | <= 5.0.0 | — |
| gliffy | gliffy | <= 3.7 | — |
| gliffy | gliffy | — | — |
| gliffy | gliffy | — | — |
| gliffy | gliffy | — | — |
| gliffy | gliffy | — | — |
| gliffy | gliffy | — | — |
| gliffy | gliffy | — | — |
| gliffy | gliffy | — | — |
| gliffy | gliffy | — | — |
| gliffy | gliffy | — | — |
| gliffy | gliffy | — | — |
| gliffy | gliffy | — | — |
| gliffy | gliffy | — | — |
| gliffy | gliffy | — | — |
| gliffy | gliffy | — | — |
| gliffy | gliffy | — | — |
| gliffy | gliffy | — | — |
| gliffy | gliffy | — | — |
| gliffy | gliffy | — | — |
| gliffy | gliffy | — | — |
| gliffy | gliffy | — | — |
| gliffy | gliffy | — | — |
| gliffy | gliffy | — | — |