Atlassian Bamboo

9 matches found

CVE
added 2022/07/20 6:15 p.m. | 142 views

CVE-2022-26137

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-...

CVSS: 8.8 | AI score: 9 | EPSS: 0.00073

CVE
added 2023/11/21 6:15 p.m. | 72 views

CVE-2023-22516

This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code...

CVSS: 8.8 | AI score: 8.5 | EPSS: 0.01792

CVE
added 2024/08/20 10:15 a.m. | 60 views

CVE-2024-21689

This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.6, allows an authenticated attacker to execute...

CVSS: 8 | AI score: 7.8 | EPSS: 0.30621

CVE
added 2024/07/16 9:15 p.m. | 53 views

CVE-2024-21687

This High severity File Inclusion vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0 and 9.6.0 of Bamboo Data Center and Server. This File Inclusion vulnerability, with a CVSS Score of 8.1, allows an authenticated attacker to get the application to display the content...

CVSS: 8.1 | AI score: 6.5 | EPSS: 0.00132

CVE
added 2017/10/03 1:29 a.m. | 52 views

CVE-2015-6576

Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource.

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.02273

CVE
added 2017/06/14 8:29 p.m. | 46 views

CVE-2017-8907

Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. An attacker who can login to Bamboo as a user without the edit permission for deployment projects is able to use this vu...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.00853

CVE
added 2018/02/02 2:29 p.m. | 42 views

CVE-2017-18042

The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.00141

CVE
added 2018/02/02 2:29 p.m. | 36 views

CVE-2017-18080

The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability.

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.00148

CVE
added 2017/10/12 1:29 p.m. | 36 views

CVE-2017-9514

Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on s...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.00311