cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-21689,https://securityvulnerability.io/vulnerability/CVE-2024-21689,High Severity RCE Vulnerability Affects Atlassian Bamboo Data Center and Server Versions,"A remote code execution vulnerability exists in Bamboo Data Center and Server versions 9.1.0 through 9.6.0, allowing an authenticated attacker to execute arbitrary code. This vulnerability directly impacts confidentiality, integrity, and availability. User interaction is required for exploitation. Users are strongly advised to upgrade to a supported fixed version: Bamboo Data Center and Server 9.2.17 or later, or Bamboo Data Center and Server 9.6.5 or later. Details and downloads are available on Atlassian's official site and in the release notes.",Atlassian,"Bamboo Data Center,Bamboo Server",8,HIGH,0.0004799999878741801,false,,false,false,true,2024-08-23T23:32:50.000Z,true,false,false,,2024-08-20T10:00:00.967Z,0
CVE-2024-21687,https://securityvulnerability.io/vulnerability/CVE-2024-21687,File Inclusion Vulnerability in Bamboo Data Center and Server by Atlassian,"A file inclusion vulnerability was identified in versions 9.0.0 to 9.6.0 of Bamboo Data Center and Server. An authenticated attacker can exploit this vulnerability to make the application read and display the contents of local files on the server. The consequences include significant risks to the confidentiality and integrity of sensitive data, while availability is unaffected. No user interaction is needed for an attack to succeed. Atlassian advises users to promptly update to the latest version or to one of the supported fixed versions. Detailed upgrade instructions can be found in the Bamboo release notes and the official download center.",Atlassian,"Bamboo Data Center,Bamboo Server",8.1,HIGH,0.0006900000153109431,false,,true,false,false,,,false,false,,2024-07-16T21:15:00.000Z,0
CVE-2023-22516,https://securityvulnerability.io/vulnerability/CVE-2023-22516,Remote Code Execution Vulnerability in Bamboo Data Center and Server by Atlassian,"A Remote Code Execution vulnerability has been identified in Bamboo Data Center and Server versions 8.1.0 through 9.3.0, allowing authenticated attackers to execute arbitrary code without user interaction. This vulnerability poses significant risks, affecting confidentiality, integrity, and availability. Users on affected versions should upgrade immediately to the latest release or a specified fixed version to mitigate potential exploitation. For guidance on upgrades, refer to Atlassian's official documentation.",Atlassian,"Bamboo Data Center,Bamboo Server",8.5,HIGH,0.0017900000093504786,false,,false,false,false,,,false,false,,2023-11-21T18:15:00.000Z,0
CVE-2023-22506,https://securityvulnerability.io/vulnerability/CVE-2023-22506,Remote Code Execution Vulnerability in Bamboo Data Center by Atlassian,"An injection and remote code execution vulnerability has been identified in Bamboo Data Center, allowing authenticated attackers to modify the actions taken by a system call and execute arbitrary code. This flaw impacts the confidentiality, integrity, and availability of systems without requiring user interaction. Atlassian strongly advises updating to the latest version or at least to patched versions 9.2.3 or 9.3.1 to safeguard against potential exploits.",Atlassian,"Bamboo Data Center,Bamboo Server",8.8,HIGH,0.0013200000394135714,false,,false,false,false,,,false,false,,2023-07-19T00:15:00.000Z,0
CVE-2022-26136,https://securityvulnerability.io/vulnerability/CVE-2022-26136,Remote Authentication Bypass Vulnerability in Atlassian Products,"A vulnerability affecting various Atlassian products allows an unauthenticated remote attacker to bypass Servlet Filters used by both first and third party applications. The impact varies with the specific filters each application employs and includes authentication bypass and cross-site scripting (XSS). Atlassian has released updates that address the root cause, but the full set of affected filters and consequences has not been enumerated, which makes applying the latest security updates essential.",Atlassian,"Bamboo Server,Bamboo Data Center,Bitbucket Server,Bitbucket Data Center,Confluence Server,Confluence Data Center,Crowd Server,Crowd Data Center,Crucible,Fisheye,Jira Core Server,Jira Software Server,Jira Software Data Center,Jira Service Management Server,Jira Service Management Data Center",9.8,CRITICAL,0.008580000139772892,false,,false,false,false,,,false,false,,2022-07-20T00:00:00.000Z,0
CVE-2022-26137,https://securityvulnerability.io/vulnerability/CVE-2022-26137,CORS Bypass Vulnerability in Atlassian Products,"A vulnerability in multiple Atlassian products enables a remote attacker to bypass Cross-origin resource sharing (CORS) restrictions by sending specially crafted HTTP requests. An attacker who tricks a user into visiting a malicious URL can then access the vulnerable application with that user's permissions. Affected versions of Bamboo, Bitbucket, Confluence, Crowd, Fisheye, Crucible, Jira, and Jira Service Management must be updated to mitigate this risk.",Atlassian,"Bamboo Server,Bamboo Data Center,Bitbucket Server,Bitbucket Data Center,Confluence Server,Confluence Data Center,Crowd Server,Crowd Data Center,Crucible,Fisheye,Jira Core Server,Jira Software Server,Jira Software Data Center,Jira Service Management Server,Jira Service Management Data Center",8.8,HIGH,0.003659999929368496,false,,false,false,false,,,false,false,,2022-07-20T00:00:00.000Z,0
CVE-2021-26067,https://securityvulnerability.io/vulnerability/CVE-2021-26067,Sensitive Data Exposure in Atlassian Bamboo,"Atlassian Bamboo versions prior to 7.2.2 contain a vulnerability that allows unauthenticated remote attackers to access sensitive information. By exploiting this flaw, an attacker can view a stack trace that may disclose the path to the Bamboo home directory, and can check for the existence of files in the temporary directory. Update to the latest version to mitigate this risk.",Atlassian,Bamboo,5.3,MEDIUM,0.002139999996870756,false,,false,false,false,,,false,false,,2021-01-28T02:15:00.000Z,0
CVE-2019-15005,https://securityvulnerability.io/vulnerability/CVE-2019-15005,Authorization Bypass in Atlassian Troubleshooting and Support Tools Plugin,"The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 is affected by an authorization bypass vulnerability that lets an unprivileged user initiate log scans and have the results sent to an email address of their choosing, potentially exposing sensitive information about the application's configuration and environment. The plugin is bundled with multiple Atlassian products, so users of the affected products should upgrade to mitigate this risk.",Atlassian,"Bitbucket Server,Jira Server,Confluence Server,Crowd,Fisheye,Crucible,Bamboo",4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-11-08T00:00:00.000Z,0
CVE-2018-5224,https://securityvulnerability.io/vulnerability/CVE-2018-5224,,"Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Mercurial repository, or create a plan in Bamboo either globally or in a project using Bamboo Specs can execute code of their choice on systems that run a vulnerable version of Bamboo on the Windows operating system. All versions of Bamboo starting with 2.7.0 before 6.3.3 (the fixed version for 6.3.x) and from version 6.4.0 before 6.4.1 (the fixed version for 6.4.x) running on the Windows operating system are affected by this vulnerability.",Atlassian,Bamboo,8.8,HIGH,0.004209999926388264,false,,false,false,false,,,false,false,,2018-03-29T13:29:00.000Z,0
CVE-2017-18040,https://securityvulnerability.io/vulnerability/CVE-2017-18040,,The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.,Atlassian,Bamboo,5.4,MEDIUM,0.0005499999970197678,false,,false,false,false,,,false,false,,2018-02-02T00:00:00.000Z,0
CVE-2017-18080,https://securityvulnerability.io/vulnerability/CVE-2017-18080,,The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability.,Atlassian,Bamboo,8.8,HIGH,0.001449999981559813,false,,false,false,false,,,false,false,,2018-02-02T00:00:00.000Z,0
CVE-2017-18081,https://securityvulnerability.io/vulnerability/CVE-2017-18081,,The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie.,Atlassian,Bamboo,6.1,MEDIUM,0.000699999975040555,false,,false,false,false,,,false,false,,2018-02-02T00:00:00.000Z,0
CVE-2017-18042,https://securityvulnerability.io/vulnerability/CVE-2017-18042,,The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.,Atlassian,Bamboo,8.8,HIGH,0.002139999996870756,false,,false,false,false,,,false,false,,2018-02-02T00:00:00.000Z,0
CVE-2017-18041,https://securityvulnerability.io/vulnerability/CVE-2017-18041,,The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.,Atlassian,Bamboo,5.4,MEDIUM,0.0005499999970197678,false,,false,false,false,,,false,false,,2018-02-02T00:00:00.000Z,0
CVE-2017-18082,https://securityvulnerability.io/vulnerability/CVE-2017-18082,,The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch.,Atlassian,Bamboo,5.4,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2018-02-02T00:00:00.000Z,0
CVE-2017-14590,https://securityvulnerability.io/vulnerability/CVE-2017-14590,,"Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan that has a non-linked Mercurial repository, create or edit a plan when there is at least one linked Mercurial repository that the attacker has permission to use, or commit to a Mercurial repository used by a Bamboo plan which has branch detection enabled can execute code of their choice on systems that run a vulnerable version of Bamboo Server. Versions of Bamboo starting with 2.7.0 before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability.",Atlassian,Bamboo,9.1,CRITICAL,0.0032099999953061342,false,,false,false,false,,,false,false,,2017-12-13T15:29:00.000Z,0
CVE-2017-14589,https://securityvulnerability.io/vulnerability/CVE-2017-14589,,"It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo, or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Bamboo. All versions of Bamboo before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability.",Atlassian,Bamboo,9.6,CRITICAL,0.005510000046342611,false,,false,false,false,,,false,false,,2017-12-13T15:29:00.000Z,0
CVE-2017-9514,https://securityvulnerability.io/vulnerability/CVE-2017-9514,,"Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on systems that have vulnerable versions of Bamboo.",Atlassian,Bamboo,8.8,HIGH,0.0009899999713525176,false,,false,false,false,,,false,false,,2017-10-12T13:00:00.000Z,0
CVE-2015-6576,https://securityvulnerability.io/vulnerability/CVE-2015-6576,,Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource.,Atlassian,Bamboo,8.8,HIGH,0.00343000004068017,false,,false,false,true,2015-11-20T14:16:18.000Z,true,false,false,,2017-10-03T01:29:00.000Z,0
CVE-2017-8907,https://securityvulnerability.io/vulnerability/CVE-2017-8907,,"Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. An attacker who can log in to Bamboo as a user without the edit permission for deployment projects is able to use this vulnerability, provided there is an existing plan with a green build, to create a deployment project and execute arbitrary code on an available Bamboo Agent. By default a local agent is enabled; this means that code execution can occur on the system hosting Bamboo as the user running Bamboo.",Atlassian,Atlassian Bamboo,8.8,HIGH,0.0012000000569969416,false,,false,false,false,,,false,false,,2017-06-14T20:00:00.000Z,0
CVE-2016-5229,https://securityvulnerability.io/vulnerability/CVE-2016-5229,,"Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization.",Atlassian,Bamboo,9.8,CRITICAL,0.03858000040054321,false,,false,false,false,,,false,false,,2016-08-02T16:00:00.000Z,0
CVE-2015-8361,https://securityvulnerability.io/vulnerability/CVE-2015-8361,,"Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port.",Atlassian,Bamboo,9.1,CRITICAL,0.0034000000450760126,false,,false,false,false,,,false,false,,2016-02-08T19:00:00.000Z,0
CVE-2014-9757,https://securityvulnerability.io/vulnerability/CVE-2014-9757,,"The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message.",Atlassian,Bamboo,9.8,CRITICAL,0.0043299999088048935,false,,false,false,false,,,false,false,,2016-02-08T19:00:00.000Z,0
CVE-2015-8360,https://securityvulnerability.io/vulnerability/CVE-2015-8360,,An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port.,Atlassian,Bamboo,9.8,CRITICAL,0.0065100002102553844,false,,false,false,false,,,false,false,,2016-02-08T19:00:00.000Z,0
CVE-2012-2926,https://securityvulnerability.io/vulnerability/CVE-2012-2926,,"Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.",Atlassian,"Fisheye,Confluence,Jira,Crucible,Crowd,Bamboo,Confluence Server",9.1,CRITICAL,0.46397000551223755,false,,false,false,false,,,false,false,,2012-05-22T15:00:00.000Z,0