Uploaded image for project: 'Project Configurator - Development'
  1. Project Configurator - Development
  2. PCDEV-1331

XXE vulnerability when reading XML files

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Done
    • Priority: Highest
    • Resolution: Fixed
    • Affects Version/s: 3.0.8
    • Fix Version/s: 3.0.9
    • Labels:
      None
    • Sprint:
      PC Sprint 19 BUGS & SR
    • Critical Points:
      0

      Description

      Severity: Medium

      Jira System Administrators were able read files and network resources (such as http) accessible to the Jira server via an XML external entity (XXE) flaw.

      This issue affects all versions of Project Configurator prior to 3.0.9

      This has been fixed in Project Configurator version 3.0.9. Please upgrade to version 3.0.9 or later.

       

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              pmaranon Pepe Maranon Mora
              Reporter:
              pmaranon Pepe Maranon Mora
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: