Known Vulnerabilities for Bamboo by Atlassian
Listed below are 10 of the newest known vulnerabilities associated with "Bamboo" by "Atlassian".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2024-51859 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bamboo Manchester Bambo... | Not Provided | 2024-11-19 | 2026-04-01 |
| CVE-2021-26067 | Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path... | 5.3 - MEDIUM | 2021-01-28 | 2021-02-04 |
| CVE-2019-15005 | The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate period... | 4.3 - MEDIUM | 2019-11-08 | 2019-11-14 |
| CVE-2018-5224 | Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system ma... | 8.8 - HIGH | 2018-03-29 | 2018-04-24 |
| CVE-2017-18042 | The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data ... | 8.8 - HIGH | 2018-02-02 | 2019-04-29 |
| CVE-2017-18041 | The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject... | 5.4 - MEDIUM | 2018-02-02 | 2019-04-30 |
| CVE-2017-18040 | The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrar... | 5.4 - MEDIUM | 2018-02-02 | 2018-10-17 |
| CVE-2017-14590 | Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has p... | 9.1 - CRITICAL | 2017-12-13 | 2019-10-03 |
| CVE-2017-14589 | It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who h... | 9.6 - CRITICAL | 2017-12-13 | 2018-01-10 |
| CVE-2017-9514 | Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not suffi... | 8.8 - HIGH | 2017-10-12 | 2019-10-03 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Atlassian | Bamboo | 7.2.2 | All | All | All |
| Application | Atlassian | Bamboo | 7.2.1 | All | All | All |
| Application | Atlassian | Bamboo | 7.2.0 | All | All | All |
| Application | Atlassian | Bamboo | 7.1.4 | All | All | All |
| Application | Atlassian | Bamboo | 7.1.3 | All | All | All |
| Application | Atlassian | Bamboo | 7.1.2 | All | All | All |
| Application | Atlassian | Bamboo | 7.1.0 | All | All | All |
| Application | Atlassian | Bamboo | 7.0.6 | All | All | All |
| Application | Atlassian | Bamboo | 7.0.4 | All | All | All |
| Application | Atlassian | Bamboo | 7.0.3 | All | All | All |
| Application | Atlassian | Bamboo | 7.0.2 | All | All | All |
| Application | Atlassian | Bamboo | 7.0.0 | All | All | All |
| Application | Atlassian | Bamboo | 6.9.2 | All | All | All |
| Application | Atlassian | Bamboo | 6.9.1 | All | All | All |
| Application | Atlassian | Bamboo | 6.9.0 | All | All | All |
| Application | Atlassian | Bamboo | 6.8.3 | All | All | All |
| Application | Atlassian | Bamboo | 6.8.2 | All | All | All |
| Application | Atlassian | Bamboo | 6.8.1 | All | All | All |
| Application | Atlassian | Bamboo | 6.8.0 | All | All | All |
| Application | Atlassian | Bamboo | 6.7.3 | All | All | All |