Vulnerabilities > Atlassian > Bamboo
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-02-02 | CVE-2017-18080 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Bamboo | The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability. | 8.8 |
2018-02-02 | CVE-2017-18042 | Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Bamboo | The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability. | 8.8 |
2018-02-02 | CVE-2017-18041 | Cross-site Scripting vulnerability in Atlassian Bamboo | The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. | 5.4 |
2018-02-02 | CVE-2017-18040 | Cross-site Scripting vulnerability in Atlassian Bamboo | The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. | 5.4 |
2017-12-13 | CVE-2017-14590 | Unspecified vulnerability in Atlassian Bamboo | Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. | 9.1 |
2017-12-13 | CVE-2017-14589 | Improper Input Validation vulnerability in Atlassian Bamboo | It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. | 9.6 |
2017-10-12 | CVE-2017-9514 | Incorrect Permission Assignment for Critical Resource vulnerability in Atlassian Bamboo | Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. | 8.8 |
2017-10-03 | CVE-2015-6576 | Code Injection vulnerability in Atlassian Bamboo | Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource. | 8.8 |
2017-06-14 | CVE-2017-8907 | Incorrect Authorization vulnerability in Atlassian Bamboo | Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. | 8.8 |
2016-08-02 | CVE-2016-5229 | Improper Access Control vulnerability in Atlassian Bamboo | Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization. | 9.8 |