Remote File Read Vulnerability in Atlassian Crowd by Atlassian
CVE-2013-3925

Currently unrated

Key Information:

Vendor: Atlassian
Status: Crowd
Vendor: CVE Published:; 1 July 2013

Summary

The vulnerability in Atlassian Crowd allows remote attackers to exploit XML external entity declarations. By manipulating requests sent to specific services, attackers can read arbitrary files and potentially send HTTP requests to internal servers, posing significant threats to system integrity and confidentiality.

References

http://www.commandfive.com/papers/C5_TA_2013_3925_Atlassi...

x_refsource_MISC

https://jira.atlassian.com/browse/CWD-3366

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 1, 2013