Atlassian Bamboo
19 CVEs affecting Atlassian Bamboo. Latest disclosed: 2021-01-28. Critical: 7, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-5229 | Critical | 9.8 | 2016-08-02 | Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute… |
| CVE-2015-8360 | Critical | 9.8 | 2016-02-08 | An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to… |
| CVE-2014-9757 | Critical | 9.8 | 2016-02-08 | The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitra… |
| CVE-2017-14589 | Critical | 9.6 | 2017-12-13 | It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration right… |
| CVE-2017-14590 | Critical | 9.1 | 2017-12-13 | Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to create a repository i… |
| CVE-2015-8361 | Critical | 9.1 | 2016-02-08 | Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain… |
| CVE-2012-2926 | Critical | 9.1 | 2012-05-22 | Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 be… |
| CVE-2017-9514 | High | 8.8 | 2017-10-12 | Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes cou… |
| CVE-2015-6576 | High | 8.8 | 2017-10-03 | Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecifie… |
| CVE-2017-8907 | High | 8.8 | 2017-06-14 | Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore t… |
| CVE-2021-26067 | | | 2021-01-28 | Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk an… |
| CVE-2019-15005 | | | 2019-11-08 | The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results… |
| CVE-2018-5224 | | | 2018-03-29 | Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An… |
| CVE-2017-18082 | | | 2018-02-02 | The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site s… |
| CVE-2017-18081 | | | 2018-02-02 | The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS… |
| CVE-2017-18080 | | | 2018-02-02 | The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forger… |
| CVE-2017-18042 | | | 2018-02-02 | The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-si… |
| CVE-2017-18041 | | | 2018-02-02 | The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via… |
| CVE-2017-18040 | | | 2018-02-02 | The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross s… |