[PCDEV-1331] XXE vulnerability when reading XML files - Product Support

XML

Word

Printable

JSON

Details

Type: Bug
Status: Done
Priority: Highest
Resolution: Fixed
Affects Version/s: 3.0.8
Fix Version/s: 3.0.9
Labels:
None

Sprint:
PC Sprint 19 BUGS & SR
Critical Points:
0

Description

Severity: Medium

Jira System Administrators were able read files and network resources (such as http) accessible to the Jira server via an XML external entity (XXE) flaw.

This issue affects all versions of Project Configurator prior to 3.0.9

This has been fixed in Project Configurator version 3.0.9. Please upgrade to version 3.0.9 or later.

Attachments

Issue Links

mentioned in: Page Loading...; Page Loading...

Activity

People

Assignee:: Pepe Maranon Mora

Reporter:: Pepe Maranon Mora

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 20/Aug/19 10:39 AM

Updated:: 04/Oct/19 12:15 PM

Resolved:: 21/Aug/19 4:48 PM