CVE-2012-2926

Published May 22, 2012

Last updated 3 years ago

CVSS critical 9.1

Overview

Description: Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.1
Impact score: 5.2
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 6.4
Impact score: 4.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C1EA6F7-CF4A-43C8-AD67-4A3E97D7B0BC",
            "versionEndExcluding": "3.3.4"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B53F201-032F-4672-A271-8D424B939775",
            "versionEndExcluding": "3.4.5",
            "versionStartIncluding": "3.4"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4059F4D-831C-467C-91BC-B49BB7A5487E",
            "versionEndExcluding": "3.5.16"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9718C5D3-364A-4BD0-B60D-5FCEA8B1BAFF",
            "versionEndExcluding": "4.0.7",
            "versionStartIncluding": "4.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "121D6C9B-9746-423C-9A0A-13697F7B490B",
            "versionEndExcluding": "4.1.10",
            "versionStartIncluding": "4.1"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB8E3563-1CF4-4665-8CD3-CAEFFBB6B3B6",
            "versionEndExcluding": "2.0.9"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55437340-1D44-41C7-B82A-6E6473C17B62",
            "versionEndExcluding": "2.1.2",
            "versionStartIncluding": "2.1"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68C5F90D-1AB3-409E-9A84-8EF42735BCD9",
            "versionEndExcluding": "2.2.9",
            "versionStartIncluding": "2.2.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C99026A0-1B4A-4CF7-B7E5-DC1231302CEC",
            "versionEndExcluding": "2.3.7",
            "versionStartIncluding": "2.3.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28E820F2-4E46-4744-9EE9-C9CDEF78B8D7",
            "versionEndExcluding": "2.4.1",
            "versionStartIncluding": "2.4.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD4C65C4-2C22-48F2-B4F6-D40915374FF1",
            "versionEndExcluding": "2.5.8"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "263668EC-0168-4FC2-82E3-6606269AE372",
            "versionEndExcluding": "2.6.8",
            "versionStartIncluding": "2.6"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B62B11D8-BC78-431B-91D4-F6CE14E0C7D0",
            "versionEndExcluding": "2.7.12",
            "versionStartIncluding": "2.7"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77B117D3-9D05-4192-9A40-B4610D636DE7",
            "versionEndExcluding": "2.5.8"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3768A3A7-B5F8-46C7-A932-1C779C167216",
            "versionEndExcluding": "2.6.8",
            "versionStartIncluding": "2.6"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4779A8F0-9CDB-46F7-9EB6-B155187218EB",
            "versionEndExcluding": "2.7.12",
            "versionStartIncluding": "2.7"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20F692D8-2A86-403D-82C6-363C9798BD3A",
            "versionEndExcluding": "5.0.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References