MidnightBSD

Advisories for gliffy

CVE-2012-2928 MEDIUM

The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gliffy gliffy 3.1.2
gliffy gliffy 2.1.0
gliffy gliffy 3.0.5
atlassian jira *
gliffy gliffy 3.1.4
gliffy gliffy 3.0.4
gliffy gliffy 3.1.3
gliffy gliffy 3.0.3
gliffy gliffy 3.5.2
gliffy gliffy 2.2.1
gliffy gliffy 3.1.1
gliffy gliffy 3.1.0
gliffy gliffy 1.0.1
gliffy gliffy 3.0.0
gliffy gliffy 2.1.2
gliffy gliffy 3.0.1
gliffy gliffy 2.2.0
gliffy gliffy 2.0.0
gliffy gliffy 3.6
atlassian confluence_server 4.1.9
gliffy gliffy 2.1.3
gliffy gliffy *
gliffy gliffy 3.5
gliffy gliffy 2.1.1
gliffy gliffy 3.0.2
gliffy gliffy 3.6.1
gliffy gliffy 2.0.1
gliffy gliffy 2.2.2