21 results (0.002 seconds)

CVSS: 10.0EPSS: 0%CPEs: 42EXPL: 0

CVE-2022-26137

https://notcve.org/view.php?id=CVE-2022-26137

20 Jul 2022 — A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into re... • https://jira.atlassian.com/browse/BAM-21795 • CWE-180: Incorrect Behavior Order: Validate Before Canonicalize CWE-346: Origin Validation Error •

CVSS: 10.0EPSS: 0%CPEs: 42EXPL: 0

CVE-2022-26136

https://notcve.org/view.php?id=CVE-2022-26136

20 Jul 2022 — A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions ar... • https://jira.atlassian.com/browse/BAM-21795 • CWE-180: Incorrect Behavior Order: Validate Before Canonicalize CWE-287: Improper Authentication •

CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 0

CVE-2021-26067

https://notcve.org/view.php?id=CVE-2021-26067

28 Jan 2021 — Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. The affected versions are before version 7.2.2. Las versiones afectadas de Atlassian Bamboo permiten a un atacante remoto no autenticado visualizar un seguimiento de la pila que puede revelar la ruta del directorio de inicio en el disco ... • https://jira.atlassian.com/browse/BAM-21215 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

CVE-2019-15005

https://notcve.org/view.php?id=CVE-2019-15005

08 Nov 2019 — The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center... • https://herolab.usd.de/security-advisories/usd-2019-0016 • CWE-862: Missing Authorization •

CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2018-5224 – Atlassian Bamboo 6.x Code Execution

https://notcve.org/view.php?id=CVE-2018-5224

29 Mar 2018 — Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Mercurial repository, or create a plan in Bamboo either globally or in a project using Bamboo Specs can can execute code of their choice on systems that run a vulnerable version of Bamboo on the Windows operating system. All versions of... • http://www.securityfocus.com/bid/103653 • CWE-20: Improper Input Validation •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-18040

https://notcve.org/view.php?id=CVE-2017-18040

02 Feb 2018 — The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. El recurso viewDeploymentVersionCommits en Atlassian Bamboo, en versiones anteriores a la 6.2.0, permite que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad Cross-Site Scripting (XSS) en el nombre de una versión. • http://www.securityfocus.com/bid/103070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-18041

https://notcve.org/view.php?id=CVE-2017-18041

02 Feb 2018 — The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. El recurso viewDeploymentVersionJiraIssuesDialog en Atlassian Bamboo, en versiones anteriores a la 6.2.0, permite que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad Cross-Site Scripting (XSS) en el nombre de una versión. • http://www.securityfocus.com/bid/103071 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-18042

https://notcve.org/view.php?id=CVE-2017-18042

02 Feb 2018 — The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability. El recurso de actualización de administración de usuarios en Atlassian Bamboo, en versiones anteriores a la 6.3.1, permite que atacantes remotos modifiquen los datos de usuario, incluyendo las contraseñas, mediante una vulnerabilidad de Cross-Site Request Forgery (CSRF). • http://www.securityfocus.com/bid/103110 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-18080

https://notcve.org/view.php?id=CVE-2017-18080

02 Feb 2018 — The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability. El recurso saveConfigureSecurity en Atlassian Bamboo, en versiones anteriores a la 6.3.1, permite que atacantes remotos modifiquen las opciones de seguridad mediante una vulnerabilidad de Cross-Site Request Forgery (CSRF). • https://jira.atlassian.com/browse/BAM-19664 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-18081

https://notcve.org/view.php?id=CVE-2017-18081

02 Feb 2018 — The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie. El recurso signupUser en Atlassian Bamboo, en versiones anteriores a la 6.3.1, permite que atacantes remotos inyecten HTML o JavaScript arbitrario mediante una vulnerabilidad Cross-Site Scripting (XSS) en el valor de la cookie del token csrf. • http://www.securityfocus.com/bid/103087 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •