The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-05-22T15:00:00

Updated: 2024-08-06T19:50:05.070Z

Reserved: 2012-05-22T00:00:00

Link: CVE-2012-2928

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-05-22T15:55:02.947

Modified: 2024-11-21T01:39:57.573

Link: CVE-2012-2928

cve-icon Redhat

No data.