Vulnerabilities > Atlassian > Bamboo > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-01-28 CVE-2021-26067 Information Exposure vulnerability in Atlassian Bamboo
Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint.
network
low complexity
atlassian CWE-200
5.3
5.3
2019-11-08 CVE-2019-15005 Missing Authorization vulnerability in Atlassian products
The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check.
network
low complexity
atlassian CWE-862
4.3
4.3
2018-02-02 CVE-2017-18082 Cross-site Scripting vulnerability in Atlassian Bamboo
The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch.
network
low complexity
atlassian CWE-79
5.4
5.4
2018-02-02 CVE-2017-18081 Cross-site Scripting vulnerability in Atlassian Bamboo
The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie.
network
low complexity
atlassian CWE-79
6.1
6.1
2018-02-02 CVE-2017-18041 Cross-site Scripting vulnerability in Atlassian Bamboo
The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.
network
low complexity
atlassian CWE-79
5.4
5.4
2018-02-02 CVE-2017-18040 Cross-site Scripting vulnerability in Atlassian Bamboo
The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.
network
low complexity
atlassian CWE-79
5.4
5.4