CVE-2017-18110

CWE-611 — XML External Entity (XXE)3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 61.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Crowd

Timeline

PublishedMar 29

Latest updateMay 14

Description

The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read files from the filesystem via a XXE vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5atlassian/crowdunspecified — 3.0.2+2

▶NVDatlassian/crowd< 3.0.2+1

🔴Vulnerability Details

GHSA

GHSA-6w64-j998-2q4m: The administration backup restore resource in Atlassian Crowd before version 3↗2022-05-14

▶

CVEList

CVE-2017-18110: The administration backup restore resource in Atlassian Crowd before version 3↗2019-03-29

▶