XML Parser Vulnerability in Atlassian Products
CVE-2012-2926

9.1CRITICAL

Key Information:

Vendor
Atlassian
Status
Fisheye
Confluence
Jira
Crucible
Vendor
CVE Published:
22 May 2012

Summary

This vulnerability in multiple Atlassian software products allows attackers to exploit improperly restricted capabilities of third-party XML parsers. As a result, malicious users may read arbitrary files or cause a denial of service through resource consumption by leveraging unspecified vectors. Various versions of JIRA, Confluence, FishEye, Crucible, Bamboo, and Crowd are affected, making it crucial for users to update to patched versions to secure their environments.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/75682
vdb-entryx_refsource_XF
http://secunia.com/advisories/49146
third-party-advisoryx_refsource_SECUNIA
http://confluence.atlassian.com/display/FISHEYE/FishEye+a...
x_refsource_CONFIRM

EPSS Score

68% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.