CVE-2017-18042

2018-02-0214:00:00

atlassian

www.cve.org

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

42.0%

JSON

The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.

CNA Affected

[
  {
    "product": "Bamboo",
    "vendor": "Atlassian",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 6.3.1"
      }
    ]
  }
]

References

www.securityfocus.com/bid/103110

jira.atlassian.com/browse/BAM-19663