Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-2797

XML Vulnerability in Crowd

XMLWordPrintable

      We have identified and fixed a vulnerability in Crowd that results from the way XML parsers are used. This vulnerability allows an attacker to:

      • Execute denial of service attacks against the Crowd server, or
      • Read all local files readable to the system user under which Crowd runs.

      All versions of Crowd up to and including 2.4.0 are affected by this vulnerability.

      Full details of the severity, risks and vulnerability can be found in the Crowd Security Advisory 2012-05-17.

            [CWD-2797] XML Vulnerability in Crowd

            Monique Khairuliana (Inactive) made changes -
            Workflow Original: Simplified Crowd Development Workflow v2 - restricted [ 1510249 ] New: JAC Bug Workflow v3 [ 3365015 ]
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            Wazza made changes -
            Remote Link New: This issue links to "Page (Atlassian Documentation)" [ 290433 ]
            Wazza made changes -
            Remote Link Original: This issue links to "Page (Atlassian Documentation)" [ 290517 ] New: This issue links to "Page (Atlassian Documentation)" [ 290517 ]
            Wazza made changes -
            Remote Link Original: This issue links to "Page (Atlassian Documentation)" [ 290517 ] New: This issue links to "Page (Atlassian Documentation)" [ 290517 ]
            Wazza made changes -
            Remote Link Original: This issue links to "Page (Atlassian Documentation)" [ 290517 ] New: This issue links to "Page (Atlassian Documentation)" [ 290517 ]
            Wazza made changes -
            Remote Link New: This issue links to "Page (Atlassian Documentation)" [ 290517 ]
            Wazza made changes -
            Remote Link Original: This issue links to "Page (Atlassian Documentation)" [ 283773 ] New: This issue links to "Page (Atlassian Documentation)" [ 283773 ]
            Wazza made changes -
            Remote Link New: This issue links to "Page (Atlassian Documentation)" [ 283773 ]
            Rachel Robins made changes -
            Remote Link Original: This issue links to "Page (Atlassian Documentation)" [ 202973 ] New: This issue links to "Page (Atlassian Documentation)" [ 202973 ]
            Rachel Robins made changes -
            Remote Link New: This issue links to "Page (Atlassian Documentation)" [ 202973 ]

              vosipov VitalyA
              jwalton joe
              Affected customers:
              0 This affects my team
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: