Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bamboo vulnerabilities and exploits
(subscribe to this query)
9.6
CVSSv3
CVE-2017-14589
It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute J...
Atlassian Bamboo
9.1
CVSSv3
CVE-2017-14590
Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan that has a non-linked Mercurialrepository, create or edit a plan when there is at least o...
Atlassian Bamboo
5.4
CVSSv3
CVE-2017-18041
The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.
Atlassian Bamboo
8.8
CVSSv3
CVE-2018-5224
Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Merc...
Atlassian Bamboo
5.3
CVSSv3
CVE-2021-26067
Affected versions of Atlassian Bamboo allow an unauthenticated remote malicious user to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint....
Atlassian Bamboo
5.4
CVSSv3
CVE-2017-18040
The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.
Atlassian Bamboo
8.8
CVSSv3
CVE-2017-18042
The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote malicious users to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.
Atlassian Bamboo
8.8
CVSSv3
CVE-2017-18080
The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote malicious users to modify security settings via a Cross-site request forgery (CSRF) vulnerability.
Atlassian Bamboo
6.1
CVSSv3
CVE-2017-18081
The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie.
Atlassian Bamboo
5.4
CVSSv3
CVE-2017-18082
The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch.
Atlassian Bamboo
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »