CVE-2012-2926
CRITICAL
9.1
CVSS Severity Score
Vulnerability Description
Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
Affected Platforms (CPE)
📦
Atlassian
Bamboo
< 3.3.4📦
Atlassian
Bamboo
>= 3.4 and < 3.4.5📦
Atlassian
Confluence
< 3.5.16📦
Atlassian
Confluence Server
>= 4.0 and < 4.0.7📦
Atlassian
Confluence Server
>= 4.1 and < 4.1.10📦
Atlassian
Crowd
< 2.0.9📦
Atlassian
Crowd
>= 2.1 and < 2.1.2📦
Atlassian
Crowd
>= 2.2.0 and < 2.2.9📦
Atlassian
Crowd
>= 2.3.0 and < 2.3.7📦
Atlassian
Crowd
>= 2.4.0 and < 2.4.1📦
Atlassian
Crucible
< 2.5.8📦
Atlassian
Crucible
>= 2.6 and < 2.6.8📦
Atlassian
Crucible
>= 2.7 and < 2.7.12📦
Atlassian
Fisheye
< 2.5.8📦
Atlassian
Fisheye
>= 2.6 and < 2.6.8📦
Atlassian
Fisheye
>= 2.7 and < 2.7.12📦
Atlassian