Vulnerability in Atlassian Bamboo
CVE-2017-18042
The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data, including passwords, via a cross-site request forgery (CSRF) vulnerability.
EPSS: 0.001 (32.5th percentile)
Affected products
- Atlassian Bamboo — versions prior to 6.3.1
References
- 103110 (vdb-entry, x_refsource_BID)
- jira.atlassian.com/browse/BAM-19663 (x_refsource_CONFIRM)