Vulnerabilities > Atlassian > Bamboo > 3.1.3

DATE CVE VULNERABILITY TITLE RISK
2021-01-28 CVE-2021-26067 Information Exposure vulnerability in Atlassian Bamboo
Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint.
network
low complexity
atlassian CWE-200
5.3
5.3
2019-11-08 CVE-2019-15005 Missing Authorization vulnerability in Atlassian products
The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check.
network
low complexity
atlassian CWE-862
4.3
4.3
2018-03-29 CVE-2018-5224 Improper Input Validation vulnerability in Atlassian Bamboo
Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters.
network
low complexity
atlassian CWE-20
8.8
8.8
2018-02-02 CVE-2017-18082 Cross-site Scripting vulnerability in Atlassian Bamboo
The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch.
network
low complexity
atlassian CWE-79
5.4
5.4
2018-02-02 CVE-2017-18081 Cross-site Scripting vulnerability in Atlassian Bamboo
The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie.
network
low complexity
atlassian CWE-79
6.1
6.1
2018-02-02 CVE-2017-18080 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Bamboo
The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability.
network
low complexity
atlassian CWE-352
8.8
8.8
2018-02-02 CVE-2017-18042 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Bamboo
The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.
network
low complexity
atlassian CWE-352
8.8
8.8
2018-02-02 CVE-2017-18041 Cross-site Scripting vulnerability in Atlassian Bamboo
The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.
network
low complexity
atlassian CWE-79
5.4
5.4
2018-02-02 CVE-2017-18040 Cross-site Scripting vulnerability in Atlassian Bamboo
The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.
network
low complexity
atlassian CWE-79
5.4
5.4
2017-12-13 CVE-2017-14590 Unspecified vulnerability in Atlassian Bamboo
Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters.
network
low complexity
atlassian
critical
 9.1
9.1