Description

The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

Remediation

References

CVE-2012-2928

Related Vulnerabilities

Jenkins Session Fixation Vulnerability (CVE-2021-21671)

SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5715)

Sqlite Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-6590)

Jboss EAP Improper Access Control Vulnerability (CVE-2013-4213)

WordPress Plugin WP Source Control Directory Traversal (3.0.0)

Severity

Medium

Classification

CVE-2012-2928 CWE-264

Tags

Missing Update Known Vulnerabilities