  1. Project Configurator - Development
  2. PCDEV-1331

XXE vulnerability when reading XML files

    Details

    • Type: Bug
    • Status: Done
    • Priority: Highest
    • Resolution: Fixed
    • Affects Version/s: 3.0.8
    • Fix Version/s: 3.0.9
    • Labels:
      None
    • Sprint:
      PC Sprint 19 BUGS & SR
    • Critical Points:
      0

      Description

      Severity: Medium

      Jira System Administrators were able to read files and network resources (such as HTTP) accessible to the Jira server via an XML external entity (XXE) flaw.

      This issue affects all versions of Project Configurator prior to 3.0.9.

      This has been fixed in Project Configurator version 3.0.9. Please upgrade to version 3.0.9 or later.

       

                People

                Assignee:
                pmaranon Pepe Maranon Mora
                Reporter:
                pmaranon Pepe Maranon Mora
                Votes:
                0
                Watchers:
                1