Known Vulnerabilities for Bamboo by Atlassian
Listed below are 10 of the newest known vulnerabilities associated with "Bamboo" by "Atlassian".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-21571 json | This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, ... | Not Provided | 2026-04-21 | 2026-04-21 |
| CVE-2024-51859 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bamboo Manchester Bambo... | Not Provided | 2024-11-19 | 2026-04-01 |
| CVE-2023-22516 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2023-11-21 | 2023-11-29 |
| CVE-2022-26137 json | A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters ... | 8.8 - HIGH | 2022-07-20 | 2022-08-04 |
| CVE-2022-26136 json | A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by fi... | 9.8 - CRITICAL | 2022-07-20 | 2022-08-04 |
| CVE-2021-26067 json | Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path... | 5.3 - MEDIUM | 2021-01-28 | 2021-02-04 |
| CVE-2019-15005 json | The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate period... | 4.3 - MEDIUM | 2019-11-08 | 2019-11-14 |
| CVE-2018-5224 json | Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system ma... | 8.8 - HIGH | 2018-03-29 | 2018-04-24 |
| CVE-2017-18082 json | The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTM... | 5.4 - MEDIUM | 2018-02-02 | 2018-02-13 |
| CVE-2017-18081 json | The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScri... | 6.1 - MEDIUM | 2018-02-02 | 2019-04-26 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Atlassian | Bamboo | 7.2.2 | |||
| Application | Atlassian | Bamboo | 7.2.1 | |||
| Application | Atlassian | Bamboo | 7.2.0 | |||
| Application | Atlassian | Bamboo | 7.1.4 | |||
| Application | Atlassian | Bamboo | 7.1.3 | |||
| Application | Atlassian | Bamboo | 7.1.2 | |||
| Application | Atlassian | Bamboo | 7.1.0 | |||
| Application | Atlassian | Bamboo | 7.0.6 | |||
| Application | Atlassian | Bamboo | 7.0.4 | |||
| Application | Atlassian | Bamboo | 7.0.3 | |||
| Application | Atlassian | Bamboo | 7.0.2 | |||
| Application | Atlassian | Bamboo | 7.0.0 | |||
| Application | Atlassian | Bamboo | 6.9.2 | |||
| Application | Atlassian | Bamboo | 6.9.1 | |||
| Application | Atlassian | Bamboo | 6.9.0 | |||
| Application | Atlassian | Bamboo | 6.8.3 | |||
| Application | Atlassian | Bamboo | 6.8.2 | |||
| Application | Atlassian | Bamboo | 6.8.1 | |||
| Application | Atlassian | Bamboo | 6.8.0 | |||
| Application | Atlassian | Bamboo | 6.7.3 |