ID CVE-2018-1000069
Summary FreePlane version 1.5.9 and earlier contains an XML External Entity (XXE) vulnerability in the XML parser of the mindmap loader that can result in data being stolen from the victim's machine. This attack appears to require the victim to open a specially crafted mind map file. This vulnerability appears to have been fixed in 1.6+.
References
Vulnerable Configurations
  • cpe:2.3:a:freeplane:freeplane:1.5.9
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-611
CAPEC
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1316.NASL
    description Wojciech Reguła discovered that Freeplane, a program for working with mind maps, was affected by an XML External Entity (XXE) vulnerability in its mindmap loader that could compromise a user's machine by opening a specially crafted mind map file. For Debian 7 'Wheezy', these problems have been fixed in version 1.1.3-2+deb7u1. We recommend that you upgrade your freeplane packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-04-11
    modified 2018-04-11
    plugin id 108606
    published 2018-03-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108606
    title Debian DLA-1316-1 : freeplane security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4175.NASL
    description Wojciech Regula discovered an XML External Entity vulnerability in the XML Parser of the mindmap loader in freeplane, a Java program for working with mind maps, resulting in potential information disclosure if a malicious mind map file is opened.
    last seen 2018-04-18
    modified 2018-04-18
    plugin id 109093
    published 2018-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109093
    title Debian DSA-4175-1 : freeplane - security update
refmap via4
debian DSA-4175
misc
mlist [debian-lts-announce] 20180324 [SECURITY] [DLA 1316-1] freeplane security update
Last major update 13-03-2018 - 11:29
Published 13-03-2018 - 11:29
Last modified 19-04-2018 - 21:29