Bamboo Security Vulnerabilities and Issues — Bamboo CVE List

Lucene search

AtlassianBamboo

6 matches found

CVE•added 2018/02/02 2:29 p.m.•44 views

CVE-2017-18081

The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie.

6.1CVSS6AI score0.00203EPSS

CVE•added 2018/02/02 2:29 p.m.•42 views

CVE-2017-18042

The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.

8.8CVSS8.6AI score0.00159EPSS

CVE•added 2018/02/02 2:29 p.m.•41 views

CVE-2017-18040

The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.

5.4CVSS5.3AI score0.00154EPSS

CVE•added 2018/02/02 2:29 p.m.•38 views

CVE-2017-18041

The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.

5.4CVSS5.3AI score0.00154EPSS

CVE•added 2018/02/02 2:29 p.m.•37 views

CVE-2017-18082

The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch.

5.4CVSS5.3AI score0.00175EPSS

CVE•added 2018/02/02 2:29 p.m.•36 views

CVE-2017-18080

The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability.

8.8CVSS8.6AI score0.00167EPSS