Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atlassian bamboo vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2017-18040
The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.
Atlassian Bamboo
5.4
CVSSv3
CVE-2017-18041
The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.
Atlassian Bamboo
8.8
CVSSv3
CVE-2017-18042
The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote malicious users to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.
Atlassian Bamboo
6.1
CVSSv3
CVE-2017-18081
The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie.
Atlassian Bamboo
5.4
CVSSv3
CVE-2017-18082
The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch.
Atlassian Bamboo
8.8
CVSSv3
CVE-2017-18080
The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote malicious users to modify security settings via a Cross-site request forgery (CSRF) vulnerability.
Atlassian Bamboo
9.6
CVSSv3
CVE-2017-14589
It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute J...
Atlassian Bamboo
9.1
CVSSv3
CVE-2017-14590
Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan that has a non-linked Mercurialrepository, create or edit a plan when there is at least o...
Atlassian Bamboo
8.8
CVSSv3
CVE-2017-9514
Bamboo prior to 6.0.5, 6.1.x prior to 6.1.4, and 6.2.x prior to 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java ...
Atlassian Bamboo 6.0.4
Atlassian Bamboo 6.2.0
Atlassian Bamboo 6.1.0
Atlassian Bamboo 6.1.1
Atlassian Bamboo 6.0.1
Atlassian Bamboo 6.0.3
Atlassian Bamboo 6.0.0
Atlassian Bamboo 6.0.2
8.8
CVSSv3
CVE-2015-6576
Bamboo 2.2 prior to 5.8.5 and 5.9.x prior to 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource.
Atlassian Bamboo
3 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »