5.5

CVE-2018-1000069

Exploit
FreePlane version 1.5.9 and earlier contains a XML External Entity (XXE) vulnerability in XML Parser in mindmap loader that can result in stealing data from victim's machine. This attack appears to require the victim to open a specially crafted mind map file. This vulnerability appears to have been fixed in 1.6+.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreeplaneFreeplane Version <= 1.5.9
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.3% 0.81
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

https://lists.debian.org/debian-lts-announce/2018/03/msg00019.html
Third Party Advisory
Mailing List
https://www.debian.org/security/2018/dsa-4175
Third Party Advisory
https://www.freeplane.org/wiki/index.php/XML_External_Entity_vulnerability_in_map_parser
Vendor Advisory
https://www.youtube.com/watch?v=7IXtiTNilAI
Third Party Advisory
Exploit