CVE-2012-2928: Atlassian Jira vulnerability

CWE-264 | 3 documents | 3 sources

Severity: 6.4 MEDIUM (NVD)
EPSS: 1.9% (top 16.58%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: May 22
Latest update: May 13

Description

The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:P
Exploitability: 10.0 | Impact: 4.9

Affected Packages: 3 packages

Vulnerability Details (2)

GHSA: GHSA-jvhg-gg3p-gmr7: The Gliffy plugin before 3 (2022-05-13)
CVEList: CVE-2012-2928: The Gliffy plugin before 3 (2012-05-22)
CVE-2012-2928 — Atlassian Jira vulnerability | cvebase