Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atlassian bamboo vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2018-5224
Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Merc...
Atlassian Bamboo
9
CVSSv2
CVE-2017-14590
Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan that has a non-linked Mercurialrepository, create or edit a plan when there is at least o...
Atlassian Bamboo
7.5
CVSSv2
CVE-2021-37843
The resolution SAML SSO apps for Atlassian products allow a remote malicious user to login to a user account when only the username is known (i.e., no other authentication is provided). The fixed versions are for Jira: 3.6.6.1, 4.0.12, 5.0.5; for Confluence 3.6.6, 4.0.12, 5.0.5; ...
Atlassian Saml Single Sign On
7.5
CVSSv2
CVE-2016-5229
Atlassian Bamboo prior to 5.11.4.1 and 5.12.x prior to 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote malicious users to execute arbitrary code via vectors related to XStream Serialization.
Atlassian Bamboo 5.12.2
Atlassian Bamboo 5.12.1
Atlassian Bamboo 5.12.0
Atlassian Bamboo
7.5
CVSSv2
CVE-2015-8360
An unspecified resource in Atlassian Bamboo prior to 5.9.9 and 5.10.x prior to 5.10.0 allows remote malicious users to execute arbitrary Java code via serialized data to the JMS port.
Atlassian Bamboo 3.2
Atlassian Bamboo 5.9.7
Atlassian Bamboo 5.9.4
Atlassian Bamboo 5.8.1
Atlassian Bamboo 5.8
Atlassian Bamboo 5.5
Atlassian Bamboo 5.4.2
Atlassian Bamboo 5.1
Atlassian Bamboo 5.0.1
Atlassian Bamboo 4.4.5
Atlassian Bamboo 4.4.4
Atlassian Bamboo 4.3.2
Atlassian Bamboo 4.3.1
Atlassian Bamboo 4.0
Atlassian Bamboo 3.4.5
Atlassian Bamboo 3.3.3
Atlassian Bamboo 3.3.2
Atlassian Bamboo 3.1
Atlassian Bamboo 3.0.3
Atlassian Bamboo 2.7
Atlassian Bamboo 2.6.3
Atlassian Bamboo 2.5.1
7.5
CVSSv2
CVE-2014-9757
The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo prior to 5.9.9 and 5.10.x prior to 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message.
Atlassian Bamboo 5.9.7
Atlassian Bamboo 5.9.4
Atlassian Bamboo 5.8
Atlassian Bamboo 5.7.2
Atlassian Bamboo 5.4.2
Atlassian Bamboo 5.4.1
Atlassian Bamboo 5.1
Atlassian Bamboo 5.0.1
Atlassian Bamboo 5.0
Atlassian Bamboo 4.4.5
Atlassian Bamboo 4.4.4
Atlassian Bamboo 4.3.2
Atlassian Bamboo 4.3.1
Atlassian Bamboo 4.0
Atlassian Bamboo 3.4.5
Atlassian Bamboo 3.3.3
Atlassian Bamboo 3.3.2
Atlassian Bamboo 3.3
Atlassian Bamboo 3.0.3
Atlassian Bamboo 2.7
Atlassian Bamboo 2.6.3
Atlassian Bamboo 2.5.1
6.8
CVSSv2
CVE-2017-18042
The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote malicious users to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.
Atlassian Bamboo
6.8
CVSSv2
CVE-2017-18080
The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote malicious users to modify security settings via a Cross-site request forgery (CSRF) vulnerability.
Atlassian Bamboo
6.8
CVSSv2
CVE-2017-14589
It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute J...
Atlassian Bamboo
6.5
CVSSv2
CVE-2017-9514
Bamboo prior to 6.0.5, 6.1.x prior to 6.1.4, and 6.2.x prior to 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java ...
Atlassian Bamboo 6.0.4
Atlassian Bamboo 6.2.0
Atlassian Bamboo 6.1.0
Atlassian Bamboo 6.1.1
Atlassian Bamboo 6.0.1
Atlassian Bamboo 6.0.3
Atlassian Bamboo 6.0.0
Atlassian Bamboo 6.0.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »