Versio.io

CVE-2012-2928

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 22-05-2012 05:55
Last modified: - 14-05-2022 05:25
Total changes: - 3

Description

The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:P/I:N/A:P
Low
Attack complexity
Network
Attack vector
Low
Availability
Low
Confidentiality
None
Integrity
-
Privileges required
-
Scope
-
User interaction
6.4
Base score
10.0
4.9
Exploitability score
Impact score
 

Verification logic

OR
AND
OR
vendor=gliffy AND product=gliffy AND versionEndIncluding=3.7
OR
vendor=atlassian AND product=jira AND versionEndIncluding=5.0.0
AND
OR
vendor=gliffy AND product=gliffy AND version=2.1.1
vendor=gliffy AND product=gliffy AND version=3.0.0
vendor=gliffy AND product=gliffy AND version=2.0.1
vendor=gliffy AND product=gliffy AND version=2.1.0
vendor=gliffy AND product=gliffy AND version=3.1.2
vendor=gliffy AND product=gliffy AND version=3.0.1
vendor=gliffy AND product=gliffy AND version=2.2.2
vendor=gliffy AND product=gliffy AND version=2.2.1
vendor=gliffy AND product=gliffy AND version=3.1.1
vendor=gliffy AND product=gliffy AND version=3.0.5
vendor=gliffy AND product=gliffy AND version=3.1.4
vendor=gliffy AND product=gliffy AND version=3.5
vendor=gliffy AND product=gliffy AND version=2.2.0
vendor=gliffy AND product=gliffy AND version=3.0.2
vendor=gliffy AND product=gliffy AND version=3.0.4
vendor=gliffy AND product=gliffy AND version=3.5.2
vendor=gliffy AND product=gliffy AND version=3.6
vendor=gliffy AND product=gliffy AND version=2.1.2
vendor=gliffy AND product=gliffy AND version=3.0.3
vendor=gliffy AND product=gliffy AND versionEndIncluding=3.7
vendor=gliffy AND product=gliffy AND version=2.0.0
vendor=gliffy AND product=gliffy AND version=3.1.3
vendor=gliffy AND product=gliffy AND version=3.6.1
vendor=gliffy AND product=gliffy AND version=1.0.1
vendor=gliffy AND product=gliffy AND version=2.1.3
vendor=gliffy AND product=gliffy AND version=3.1.0
OR
vendor=atlassian AND product=confluence_server AND version=4.1.9
 

Reference

 


Keywords

NVD

 

CVE-2012-2928

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.