Atlassian Bamboo

9 matches found

CVE
added 2022/07/20 6:15 p.m., 197 views

CVE-2022-26136

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and c...

CVSS 9.8 | AI score 9.1 | EPSS 0.00224

CVE
added 2012/05/22 3:55 p.m., 65 views

CVE-2012-2926

Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2...

CVSS 9.1 | AI score 9 | EPSS 0.68563

CVE
added 2016/08/02 4:59 p.m., 52 views

CVE-2016-5229

Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization.

CVSS 9.8 | AI score 9.6 | EPSS 0.05824

CVE
added 2016/02/08 7:59 p.m., 49 views

CVE-2015-8360

An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port.

CVSS 9.8 | AI score 9.7 | EPSS 0.01194

CVE
added 2017/12/13 3:29 p.m., 49 views

CVE-2017-14589

It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their c...

CVSS 9.6 | AI score 9.3 | EPSS 0.00438

CVE
added 2017/12/13 3:29 p.m., 47 views

CVE-2017-14590

Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan that has a non-linked Mercurial repository, create or edit a plan when there is at least one linked Mercurial...

CVSS 9.1 | AI score 9.2 | EPSS 0.00488

CVE
added 2016/02/08 7:59 p.m., 44 views

CVE-2015-8361

Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port.

CVSS 9.1 | AI score 9.1 | EPSS 0.00524

CVE
added 2016/02/08 7:59 p.m., 41 views

CVE-2014-9757

The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message.

CVSS 9.8 | AI score 9.6 | EPSS 0.00778

CVE
added 2018/03/29 1:29 p.m., 41 views

CVE-2018-5224

Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Mercurial repository, o...

CVSS 9 | AI score 8.7 | EPSS 0.00947