Vulnerability Information
Vulnerability Title
The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server
Vulnerability Description
The XWiki JIRA extension provides various integration points between XWiki and JIRA (macros, UI, CKEditor plugin). If the JIRA macro is installed, any logged-in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL. That URL returns an XML document whose DOCTYPE points to a local file on the XWiki server host, and the file's content is then displayed in one of the returned JIRA fields (such as the summary or description). The vulnerability has been patched in the JIRA Extension v8.6.5.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
Improper Restriction of XML External Entity Reference (XXE)
Vulnerability Title
JIRA Integration code issue vulnerability
Vulnerability Description
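JIRA Integration is an open-source development tool from XWiki Contrib. JIRA Integration has a code issue vulnerability: the JIRA macro can be given a forged URL, which may lead to disclosure of local file contents.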
CVSS Information
N/A
Vulnerability Type
N/A