Vulnerability in Atlassian Bamboo Data Center
CVE-2022-26136
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used…
EPSS: 0.003 (54.9th percentile) — read the EPSS interpretation.
Affected products
- Atlassian Bamboo Data Center — versions unspecified, 8.1.0, 8.2.0
- Atlassian Bamboo Server — versions unspecified, 8.1.0, 8.2.0
- Atlassian Bitbucket Data Center — versions unspecified, 7.7.0, 7.16.0
- Atlassian Bitbucket Server — versions unspecified, 7.7.0, 7.16.0
- Atlassian Confluence Data Center — versions unspecified, 7.5.0, 7.14.0
- Atlassian Confluence Server — versions unspecified, 7.5.0, 7.14.0
- Atlassian Crowd Data Center — versions unspecified, 4.4.0, 5.0.0
- Atlassian Crowd Server — versions unspecified, 4.4.0, 5.0.0
- Atlassian Crucible — versions unspecified
- Atlassian Fisheye — versions unspecified
Weakness classification (CWE)
References
- jira.atlassian.com/browse/BAM-21795 (x_refsource_MISC)
- jira.atlassian.com/browse/BSERV-13370 (x_refsource_MISC)
- jira.atlassian.com/browse/CONFSERVER-79476 (x_refsource_MISC)
- jira.atlassian.com/browse/CWD-5815 (x_refsource_MISC)
- jira.atlassian.com/browse/FE-7410 (x_refsource_MISC)
- jira.atlassian.com/browse/CRUC-8541 (x_refsource_MISC)
- jira.atlassian.com/browse/JRASERVER-73897 (x_refsource_MISC)
- jira.atlassian.com/browse/JSDSERVER-11863 (x_refsource_MISC)