[MID-5285] XXE vulnerabilities - Evolveum Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.9.1, 4.0, 3.6.2, 3.7.3, 3.8.1
Component/s: None
Labels:
- security

Subscription:
Internal
Milestone:
M4

Description

There are several XXE vulnerabilities in midPoint code: Query playground, embedded editor, object import.

CVSS: Medium (6.8)

Attachments

Activity

People

Assignee:: Radovan Semancik

Reporter:: Radovan Semancik

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 17/Apr/19 11:51 AM

Updated:: 17/Apr/19 2:02 PM

Resolved:: 17/Apr/19 1:56 PM