CVE-2021-26067

2021-01-2801:45:16

atlassian

www.cve.org

atlassian

bamboo

sensitive data exposure

AI Score

5.6

Confidence

High

EPSS

0.002

Percentile

59.7%

JSON

Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. The affected versions are before version 7.2.2.

CNA Affected

[
  {
    "product": "Bamboo",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "7.2.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

jira.atlassian.com/browse/BAM-21215