CVE-2018-1000069 - XXE vulnerability in multiple products
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE

Summary
FreePlane version 1.5.9 and earlier contains an XML External Entity (XXE) vulnerability in the XML parser of the mindmap loader that can result in data being stolen from the victim's machine. This attack appears to require the victim to open a specially crafted mind map file. This vulnerability appears to have been fixed in 1.6+.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-1316.NASL
description: Wojciech Reguła discovered that Freeplane, a program for working with mind maps, was affected by an XML External Entity (XXE) vulnerability in its mindmap loader that could compromise a user
last seen: 2020-03-17
modified: 2018-03-27
plugin id: 108606
published: 2018-03-27
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/108606
title: Debian DLA-1316-1 : freeplane security update

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-4175.NASL
description: Wojciech Regula discovered an XML External Entity vulnerability in the XML Parser of the mindmap loader in freeplane, a Java program for working with mind maps, resulting in potential information disclosure if a malicious mind map file is opened.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 109093
published: 2018-04-18
reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/109093
title: Debian DSA-4175-1 : freeplane - security update