VYPR
Critical severity9.1NVD Advisory· Published May 22, 2012· Updated Jun 16, 2026

CVE-2012-2926

CVE-2012-2926

Description

Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

10
  • cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*
    Range: <3.3.4
  • cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*range: <3.5.16
    • cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*range: >=4.0,<4.0.7
    • (no CPE)range: <3.5.16, >=4.0 <4.0.7, >=4.1 <4.1.10
  • cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
    Range: <2.0.9
  • cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*
    Range: <2.5.8
  • Atlassian/Fisheye2 versions
    cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*range: <2.5.8
    • (no CPE)range: <2.5.8, >=2.6 <2.6.8, >=2.7 <2.7.12
  • Atlassian/Jira2 versions
    cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*range: <5.0.1
    • (no CPE)range: <5.0.1

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.