Lucene search

K

19 matches found

CVE
CVE
added 2022/07/20 6:15 p.m.197 views

CVE-2022-26136

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and c...

9.8CVSS9.1AI score0.00224EPSS
CVE
CVE
added 2022/07/20 6:15 p.m.142 views

CVE-2022-26137

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-...

8.8CVSS9AI score0.00073EPSS
CVE
CVE
added 2019/11/08 4:15 a.m.93 views

CVE-2019-15005

The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the ap...

4.3CVSS4.3AI score0.00208EPSS
CVE
CVE
added 2021/01/28 2:15 a.m.79 views

CVE-2021-26067

Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. The affected versions ar...

5.3CVSS5.3AI score0.01534EPSS
CVE
CVE
added 2023/11/21 6:15 p.m.72 views

CVE-2023-22516

This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code...

8.8CVSS8.5AI score0.01792EPSS
CVE
CVE
added 2012/05/22 3:55 p.m.65 views

CVE-2012-2926

Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2...

9.1CVSS9AI score0.68563EPSS
CVE
CVE
added 2024/08/20 10:15 a.m.60 views

CVE-2024-21689

This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.6, allows an authenticated attacker to execute...

8CVSS7.8AI score0.30621EPSS
CVE
CVE
added 2024/07/16 9:15 p.m.53 views

CVE-2024-21687

This High severity File Inclusion vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0 and 9.6.0 of Bamboo Data Center and Server. This File Inclusion vulnerability, with a CVSS Score of 8.1, allows an authenticated attacker to get the application to display the content...

8.1CVSS6.5AI score0.00132EPSS
CVE
CVE
added 2017/10/03 1:29 a.m.52 views

CVE-2015-6576

Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource.

8.8CVSS8.9AI score0.02273EPSS
CVE
CVE
added 2016/08/02 4:59 p.m.52 views

CVE-2016-5229

Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization.

9.8CVSS9.6AI score0.05824EPSS
CVE
CVE
added 2017/12/13 3:29 p.m.49 views

CVE-2017-14589

It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their c...

9.6CVSS9.3AI score0.00438EPSS
CVE
CVE
added 2017/12/13 3:29 p.m.47 views

CVE-2017-14590

Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan that has a non-linked Mercurialrepository, create or edit a plan when there is at least one linked Mercurial...

9.1CVSS9.2AI score0.00488EPSS
CVE
CVE
added 2018/02/02 2:29 p.m.44 views

CVE-2017-18081

The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie.

6.1CVSS6AI score0.00189EPSS
CVE
CVE
added 2018/02/02 2:29 p.m.42 views

CVE-2017-18042

The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.

8.8CVSS8.6AI score0.00141EPSS
CVE
CVE
added 2018/02/02 2:29 p.m.41 views

CVE-2017-18040

The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.

5.4CVSS5.3AI score0.00144EPSS
CVE
CVE
added 2018/03/29 1:29 p.m.41 views

CVE-2018-5224

Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Mercurial repository, o...

9CVSS8.7AI score0.00947EPSS
CVE
CVE
added 2018/02/02 2:29 p.m.38 views

CVE-2017-18041

The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.

5.4CVSS5.3AI score0.00144EPSS
CVE
CVE
added 2018/02/02 2:29 p.m.37 views

CVE-2017-18082

The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch.

5.4CVSS5.3AI score0.00164EPSS
CVE
CVE
added 2018/02/02 2:29 p.m.36 views

CVE-2017-18080

The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability.

8.8CVSS8.6AI score0.00148EPSS