Vulnerability in Atlassian Bamboo Data Center
CVE-2022-26137
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only kno…
EPSS: 0.001 (30.6th percentile) — read the EPSS interpretation.
Affected products
- Atlassian Bamboo Data Center — versions unspecified, 8.1.0, 8.2.0
- Atlassian Bamboo Server — versions unspecified, 8.1.0, 8.2.0
- Atlassian Bitbucket Data Center — versions unspecified, 7.7.0, 7.16.0
- Atlassian Bitbucket Server — versions unspecified, 7.7.0, 7.16.0
- Atlassian Confluence Data Center — versions unspecified, 7.5.0, 7.14.0
- Atlassian Confluence Server — versions unspecified, 7.5.0, 7.14.0
- Atlassian Crowd Data Center — versions unspecified, 4.4.0, 5.0.0
- Atlassian Crowd Server — versions unspecified, 4.4.0, 5.0.0
- Atlassian Crucible — versions unspecified
- Atlassian Fisheye — versions unspecified
Weakness classification (CWE)
References
- jira.atlassian.com/browse/BAM-21795 (x_refsource_MISC)
- jira.atlassian.com/browse/BSERV-13370 (x_refsource_MISC)
- jira.atlassian.com/browse/CONFSERVER-79476 (x_refsource_MISC)
- jira.atlassian.com/browse/CWD-5815 (x_refsource_MISC)
- jira.atlassian.com/browse/FE-7410 (x_refsource_MISC)
- jira.atlassian.com/browse/CRUC-8541 (x_refsource_MISC)
- jira.atlassian.com/browse/JRASERVER-73897 (x_refsource_MISC)
- jira.atlassian.com/browse/JSDSERVER-11863 (x_refsource_MISC)