Published: 22/05/2012 Updated: 06/08/2020
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 685
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Summary

Atlassian JIRA prior to 5.0.1; Confluence prior to 3.5.16, 4.0 prior to 4.0.7, and 4.1 prior to 4.1.10; FishEye and Crucible prior to 2.5.8, 2.6 prior to 2.6.8, and 2.7 prior to 2.7.12; Bamboo prior to 3.3.4 and 3.4.x prior to 3.4.5; and Crowd prior to 2.0.9, 2.1 prior to 2.1.2, 2.2 prior to 2.2.9, 2.3 prior to 2.3.7, and 2.4 prior to 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote malicious users to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

Vulnerable Products

atlassian bamboo

atlassian confluence

atlassian crowd

atlassian crucible

atlassian fisheye

atlassian jira


source: www.securityfocus.com/bid/53595/info

JIRA, and the Gliffy and Tempo plugins for JIRA, are prone to a denial-of-service vulnerability because they fail to properly handle crafted XML data. Exploiting this issue allows remote attackers to cause denial-of-service conditions in the context of an affected application. The following vers ...

Metasploit Modules

Atlassian Crowd XML Entity Expansion Remote File Access

This module simply attempts to read a remote file from the server using a vulnerability in the way Atlassian Crowd handles XML files. The vulnerability occurs while trying to expand external entities with the SYSTEM identifier. This module has been tested successfully on Linux and Windows installations of Crowd.

msf > use auxiliary/scanner/http/atlassian_crowd_fileaccess
msf auxiliary(atlassian_crowd_fileaccess) > show actions
msf auxiliary(atlassian_crowd_fileaccess) > set ACTION <action-name>
msf auxiliary(atlassian_crowd_fileaccess) > show options
    ...show and set options...
msf auxiliary(atlassian_crowd_fileaccess) > run