EUVD-2017-17847

Malware in sbrugna...

Atlassian Bamboo Remote Code Execution Vulnerability (CNVD-2017-16340)

Atlassian Bamboo is a suite of continuous integration build tools from Atlassian Australia. The tools help development teams build, test, release and deploy projects using continuous delivery capabilities. A security vulnerability exists in Atlassian Bamboo versions 5.x prior to 5.15.7 and 6.x...

CVE-2017-8907

Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. An attacker who can login to Bamboo as a user without the edit permission for deployment projects is able to use this...

PT-2017-18614 · Atlassian · Bamboo

Name of the Vulnerable Software and Affected Versions: Atlassian Bamboo versions 5.x through 5.15.6 Atlassian Bamboo versions 6.x through 6.0.0 Description: The issue arises from incorrect permission checks for users creating deployment projects. An attacker with login access to Bamboo, but witho...

Passwords from variables are visible in plaintext in release versioning preview

Hey Atlassians! You can see the contents of masked variables the ones with "password" in their key when you click on "Add variable to version" in release versioning configuration screen for deployment project. Steps to reproduce: 1. Create a global variable with key: "testpassword" and value "abc...

Passwords from variables are visible in plaintext in release versioning preview

Hey Atlassians! You can see the contents of masked variables the ones with "password" in their key when you click on "Add variable to version" in release versioning configuration screen for deployment project. Steps to reproduce: 1. Create a global variable with key: "testpassword" and value "abc...