Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-2928

The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

Published

2012-05-22T15:55:02.947

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.4 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

4.9

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gliffy	gliffy	≤ 3.7	No
Application	atlassian	jira	≤ 5.0.0	Yes
Application	gliffy	gliffy	≤ 3.7	Yes
Application	gliffy	gliffy	1.0.1	Yes
Application	gliffy	gliffy	2.0.0	Yes
Application	gliffy	gliffy	2.0.1	Yes
Application	gliffy	gliffy	2.1.0	Yes
Application	gliffy	gliffy	2.1.1	Yes
Application	gliffy	gliffy	2.1.2	Yes
Application	gliffy	gliffy	2.1.3	Yes
Application	gliffy	gliffy	2.2.0	Yes
Application	gliffy	gliffy	2.2.1	Yes
Application	gliffy	gliffy	2.2.2	Yes
Application	gliffy	gliffy	3.0.0	Yes
Application	gliffy	gliffy	3.0.1	Yes
Application	gliffy	gliffy	3.0.2	Yes
Application	gliffy	gliffy	3.0.3	Yes
Application	gliffy	gliffy	3.0.4	Yes
Application	gliffy	gliffy	3.0.5	Yes
Application	gliffy	gliffy	3.1.0	Yes
Application	gliffy	gliffy	3.1.1	Yes
Application	gliffy	gliffy	3.1.2	Yes
Application	gliffy	gliffy	3.1.3	Yes
Application	gliffy	gliffy	3.1.4	Yes
Application	gliffy	gliffy	3.5	Yes
Application	gliffy	gliffy	3.5.2	Yes
Application	gliffy	gliffy	3.6	Yes
Application	gliffy	gliffy	3.6.1	Yes
Application	atlassian	confluence_server	4.1.9	Yes

References

http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17 Mitigation, Vendor Advisory ([email protected])
http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17 Mitigation, Vendor Advisory ([email protected])
http://osvdb.org/81993 Broken Link ([email protected])
http://secunia.com/advisories/49166 Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/53595 Broken Link, Third Party Advisory, VDB Entry ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/75697 Third Party Advisory, VDB Entry ([email protected])
http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17 Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17 Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/81993 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/49166 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/53595 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75697 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)