Vulnerabilities > Atlassian > Bamboo > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-20 | CVE-2022-26136 | Improper Authentication vulnerability in Atlassian products A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. | 9.8 |
| 2017-12-13 | CVE-2017-14589 | Improper Input Validation vulnerability in Atlassian Bamboo It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. | 9.6 |
| 2017-12-13 | CVE-2017-14590 | Unspecified vulnerability in Atlassian Bamboo Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. | 9.1 |
| 2016-08-02 | CVE-2016-5229 | Improper Access Control vulnerability in Atlassian Bamboo Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization. | 9.8 |
| 2016-02-08 | CVE-2014-9757 | Improper Input Validation vulnerability in Atlassian Bamboo The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message. | 9.8 |
| 2016-02-08 | CVE-2015-8360 | Improper Input Validation vulnerability in Atlassian Bamboo An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port. | 9.8 |
| 2016-02-08 | CVE-2015-8361 | Improper Access Control vulnerability in Atlassian Bamboo Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port. | 9.1 |
| 2012-05-22 | CVE-2012-2926 | Unspecified vulnerability in Atlassian products Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. | 9.1 |