CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2012-6342
https://notcve.org/view.php?id=CVE-2012-6342
13 May 2014 — Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators for requests that logout the user via a comment. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en logout.action en Confluence versión 3.4.6 de Atlassian, permite a los atacantes remotos secuestrar la autenticación de administradores para las peticiones que cierran la sesión del usuario por medio de un comentario. • http://archives.neohapsis.com/archives/bugtraq/2013-01/0066.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.1EPSS: 68%CPEs: 17EXPL: 3CVE-2012-2926 – Atlassian Tempo 6.4.3 / JIRA 5.0.0 / Gliffy 3.7.0 - XML Parsing Denial of Service
https://notcve.org/view.php?id=CVE-2012-2926
22 May 2012 — Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vecto... • https://packetstorm.news/files/id/181107 •
CVSS: 9.1EPSS: 1%CPEs: 29EXPL: 0CVE-2012-2928
https://notcve.org/view.php?id=CVE-2012-2928
22 May 2012 — The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. El complemento Gliffy para Atlassian JIRA v3.7.1, y en version anteriores ala v4.2 para Atlassian Confluence, no restringe correctamente las capacidades de los analizadores XML de tercer nivel, lo que permite leer fic... • http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17 • CWE-264: Permissions, Privileges, and Access Controls •