NotCVE - vendor:"Atlassian" product:"Bamboo" version:" >= 8.2.0

3 results (0.011 seconds)

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-22516

https://notcve.org/view.php?id=CVE-2023-22516

21 Nov 2023 — This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bamboo Data Center and Server customers upgrade to late... • https://confluence.atlassian.com/pages/viewpage.action?pageId=1318881573 •

CVSS: 10.0EPSS: 0%CPEs: 42EXPL: 0

CVE-2022-26137

https://notcve.org/view.php?id=CVE-2022-26137

20 Jul 2022 — A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into re... • https://jira.atlassian.com/browse/BAM-21795 • CWE-180: Incorrect Behavior Order: Validate Before Canonicalize CWE-346: Origin Validation Error •

CVSS: 10.0EPSS: 0%CPEs: 42EXPL: 0

CVE-2022-26136

https://notcve.org/view.php?id=CVE-2022-26136

20 Jul 2022 — A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions ar... • https://jira.atlassian.com/browse/BAM-21795 • CWE-180: Incorrect Behavior Order: Validate Before Canonicalize CWE-287: Improper Authentication •