Vulnerabilities > CVE-2018-19244 - XXE vulnerability in Charlesproxy Charles 4.2.7

CVSS 8.6 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

charlesproxy

CWE-611

NVD

Published: 2018-11-13

Updated: 2019-02-01

Summary

An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 import/export setup option. If a user imports a "Charles Settings.xml" file from an attacker, an intranet network may be accessed and information may be leaked.

Vulnerable Configurations

Part	Description	Count
Application	Charlesproxy Charlesproxy Charles 4.2.7	1

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://whitehatck01.blogspot.com/2018/11/charles-427-xml-external-entity.html