Atlassian JIRA prior to 5.0.1; Confluence prior to 3.5.16, 4.0 prior to 4.0.7, and 4.1 prior to 4.1.10; FishEye and Crucible prior to 2.5.8, 2.6 prior to 2.6.8, and 2.7 prior to 2.7.12; Bamboo prior to 3.3.4 and 3.4.x prior to 3.4.5; and Crowd prior to 2.0.9, 2.1 prior to 2.1.2, 2.2 prior to 2.2.9, 2.3 prior to 2.3.7, and 2.4 prior to 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote malicious users to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
atlassian bamboo |
||
atlassian confluence |
||
atlassian confluence server |
||
atlassian crowd |
||
atlassian crucible |
||
atlassian fisheye |
||
atlassian jira |
Vulmon