Vulnerabilities > CVE-2018-14383 - XXE vulnerability in Ttpsc the Scheduler 5.1.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows XXE due to a weakly configured/parameterized XML parser. It was fixed in the versions 5.2.1 and 3.3.7
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- https://marketplace.atlassian.com/apps/37456/the-scheduler?hosting=server&tab=versions
- https://marketplace.atlassian.com/apps/37456/the-scheduler?hosting=server&tab=versions
- https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-022_jira_plugin_the_scheduler.txt
- https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-022_jira_plugin_the_scheduler.txt