Vulnerabilities > Atlassian > Bamboo > 2.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-28 | CVE-2021-26067 | Information Exposure vulnerability in Atlassian Bamboo Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. | 5.0 |
| 2019-11-08 | CVE-2019-15005 | Missing Authorization vulnerability in Atlassian products The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. | 4.0 |
| 2018-02-02 | CVE-2017-18082 | Cross-site Scripting vulnerability in Atlassian Bamboo The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch. | 3.5 |
| 2018-02-02 | CVE-2017-18081 | Cross-site Scripting vulnerability in Atlassian Bamboo The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie. | 4.3 |
| 2018-02-02 | CVE-2017-18080 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Bamboo The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability. | 6.8 |
| 2018-02-02 | CVE-2017-18042 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Bamboo The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability. | 6.8 |
| 2018-02-02 | CVE-2017-18041 | Cross-site Scripting vulnerability in Atlassian Bamboo The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. | 3.5 |
| 2018-02-02 | CVE-2017-18040 | Cross-site Scripting vulnerability in Atlassian Bamboo The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. | 3.5 |
| 2017-12-13 | CVE-2017-14589 | Improper Input Validation vulnerability in Atlassian Bamboo It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. | 6.8 |
| 2016-08-02 | CVE-2016-5229 | Improper Access Control vulnerability in Atlassian Bamboo Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization. | 7.5 |