CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18042
https://notcve.org/view.php?id=CVE-2017-18042
The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability. El recurso de actualización de administración de usuarios en Atlassian Bamboo, en versiones anteriores a la 6.3.1, permite que atacantes remotos modifiquen los datos de usuario, incluyendo las contraseñas, mediante una vulnerabilidad de Cross-Site Request Forgery (CSRF). • http://www.securityfocus.com/bid/103110 https://jira.atlassian.com/browse/BAM-19663 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18081
https://notcve.org/view.php?id=CVE-2017-18081
The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie. El recurso signupUser en Atlassian Bamboo, en versiones anteriores a la 6.3.1, permite que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad Cross-Site Scripting (XSS) en el valor de la cookie del token csrf. • http://www.securityfocus.com/bid/103087 https://jira.atlassian.com/browse/BAM-19665 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18080
https://notcve.org/view.php?id=CVE-2017-18080
The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability. El recurso saveConfigureSecurity en Atlassian Bamboo, en versiones anteriores a la 6.3.1, permite que atacantes remotos modifiquen las opciones de seguridad mediante una vulnerabilidad de Cross-Site Request Forgery (CSRF). • https://jira.atlassian.com/browse/BAM-19664 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18041
https://notcve.org/view.php?id=CVE-2017-18041
The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. El recurso viewDeploymentVersionJiraIssuesDialog en Atlassian Bamboo, en versiones anteriores a la 6.2.0, permite que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad Cross-Site Scripting (XSS) en el nombre de una versión. • http://www.securityfocus.com/bid/103071 https://jira.atlassian.com/browse/BAM-19662 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18040
https://notcve.org/view.php?id=CVE-2017-18040
The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. El recurso viewDeploymentVersionCommits en Atlassian Bamboo, en versiones anteriores a la 6.2.0, permite que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad Cross-Site Scripting (XSS) en el nombre de una versión. • http://www.securityfocus.com/bid/103070 https://jira.atlassian.com/browse/BAM-19661 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •