Vulnerability Description
Freeplane version 1.5.9 and earlier contains an XML External Entity (XXE) vulnerability in the XML parser of the mind map loader that can result in data being stolen from the victim's machine. This attack appears to require the victim to open a specially crafted mind map file. This vulnerability appears to have been fixed in 1.6+.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freeplane | Freeplane | <= 1.5.9 |
| Debian | Debian Linux | 7.0 |
Related Weaknesses (CWE)
References
- https://lists.debian.org/debian-lts-announce/2018/03/msg00019.html (Mailing List, Third Party Advisory)
- https://www.debian.org/security/2018/dsa-4175 (Third Party Advisory)
- https://www.freeplane.org/wiki/index.php/XML_External_Entity_vulnerability_in_ma (Vendor Advisory)
- https://www.youtube.com/watch?v=7IXtiTNilAI (Exploit, Third Party Advisory)
FAQ
What is CVE-2018-1000069?
CVE-2018-1000069 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Freeplane version 1.5.9 and earlier contains an XML External Entity (XXE) vulnerability in the XML parser of the mind map loader that can result in data being stolen from the victim's machine. This attack appears to re...
How severe is CVE-2018-1000069?
CVE-2018-1000069 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-1000069?
Check the references section above for vendor advisories and patch information. Affected products include: Freeplane Freeplane, Debian Debian Linux.