CVE-2018-1000069 - XXE vulnerability in multiple products

CVSS 4.3 - MEDIUM

  • Attack vector: NETWORK
  • Attack complexity: MEDIUM
  • Privileges required: NONE
  • Confidentiality impact: PARTIAL
  • Integrity impact: NONE
  • Availability impact: NONE

Summary

FreePlane version 1.5.9 and earlier contains an XML External Entity (XXE) vulnerability in the XML parser of the mindmap loader that can result in data being stolen from the victim's machine. This attack appears to require the victim to open a specially crafted mind map file. This vulnerability appears to have been fixed in 1.6+.

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-1316.NASL
    description: Wojciech Reguła discovered that Freeplane, a program for working with mind maps, was affected by an XML External Entity (XXE) vulnerability in its mindmap loader that could compromise a user
    last seen: 2020-03-17
    modified: 2018-03-27
    plugin id: 108606
    published: 2018-03-27
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/108606
    title: Debian DLA-1316-1 : freeplane security update
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-4175.NASL
    description: Wojciech Regula discovered an XML External Entity vulnerability in the XML Parser of the mindmap loader in freeplane, a Java program for working with mind maps, resulting in potential information disclosure if a malicious mind map file is opened.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 109093
    published: 2018-04-18
    reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/109093
    title: Debian DSA-4175-1 : freeplane - security update