An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could bypass the access controls for using a saved database connection profile to submit arbitrary SQL against a saved database connection.
References
Link | Resource |
---|---|
https://bitbucket.org/keysight/keysight-plugins-for-atlassian-products/wiki/Confluence%20Plugins/Database%20Plugin | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-12-15 23:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-35122
Mitre link : CVE-2020-35122
CVE.ORG link : CVE-2020-35122
JSON object : View
Products Affected
keysight
- keysight_database_connector
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')