cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-21689,https://securityvulnerability.io/vulnerability/CVE-2024-21689,High Severity RCE Vulnerability Affects Atlassian Bamboo Data Center and Server Versions,"A remote code execution vulnerability exists in Bamboo Data Center and Server versions 9.1.0 through 9.6.0, allowing an authenticated attacker to execute arbitrary code. This vulnerability directly impacts confidentiality, integrity, and availability. User interaction is required for exploitation, which underscores the importance of actively maintaining up-to-date software. Users are strongly advised to upgrade to supported fixed versions, specifically Bamboo Data Center and Server 9.2.17 or later, or Bamboo Data Center and Server 9.6.5 or later. Details and downloads are available on Atlassian's official site and through their release notes.",Atlassian,"Bamboo Data Center,Bamboo Server",8,HIGH,0.0004799999878741801,false,,false,false,true,2024-08-23T23:32:50.000Z,true,false,false,,2024-08-20T10:00:00.967Z,0
CVE-2024-21687,https://securityvulnerability.io/vulnerability/CVE-2024-21687,File Inclusion Vulnerability in Bamboo Data Center and Server by Atlassian,"A file inclusion vulnerability was identified in versions 9.0.0 to 9.6.0 of Bamboo Data Center and Server. An authenticated attacker can exploit this vulnerability to manipulate the application into accessing and displaying the contents of local files on the server. The potential consequences include significant risks to confidentiality and integrity of sensitive data, while availability remains unaffected. No user interaction is needed for an attack to succeed. Atlassian advises users to promptly update to the latest version or to one of the mentioned supported fixed versions. Detailed upgrade instructions can be found in the Bamboo release notes and the official download center.",Atlassian,"Bamboo Data Center,Bamboo Server",8.1,HIGH,0.0006900000153109431,false,,true,false,false,,,false,false,,2024-07-16T21:15:00.000Z,0
CVE-2023-22516,https://securityvulnerability.io/vulnerability/CVE-2023-22516,Remote Code Execution Vulnerability in Bamboo Data Center and Server by Atlassian,"A Remote Code Execution vulnerability has been identified in Bamboo Data Center and Server versions 8.1.0 through 9.3.0, allowing authenticated attackers to execute arbitrary code without user interaction. This vulnerability poses significant risks, affecting confidentiality, integrity, and availability. It is crucial for users on affected versions to upgrade immediately to the latest release or a specified fixed version to mitigate potential exploitation. For guidance on upgrades, please refer to Atlassian's official documentation.",Atlassian,"Bamboo Data Center,Bamboo Server",8.5,HIGH,0.0017900000093504786,false,,false,false,false,,,false,false,,2023-11-21T18:15:00.000Z,0
CVE-2023-22506,https://securityvulnerability.io/vulnerability/CVE-2023-22506,Remote Code Execution Vulnerability in Bamboo Data Center by Atlassian,"An injection and remote code execution vulnerability has been identified in Bamboo Data Center, allowing authenticated attackers to modify system calls and execute arbitrary code. This security flaw impacts the confidentiality, integrity, and availability of systems without requiring user interaction. Atlassian strongly advises updating to the latest version or at least to patched versions 9.2.3 or 9.3.1 to safeguard against potential exploits.",Atlassian,"Bamboo Data Center,Bamboo Server",8.8,HIGH,0.0013200000394135714,false,,false,false,false,,,false,false,,2023-07-19T00:15:00.000Z,0
CVE-2022-26137,https://securityvulnerability.io/vulnerability/CVE-2022-26137,CORS Bypass Vulnerability in Atlassian Products,"A vulnerability in multiple Atlassian products enables a remote attacker to exploit Cross-origin resource sharing (CORS) by sending specially crafted HTTP requests. This can result in unauthorized access to vulnerable applications, permitting the attacker to utilize the permissions of a tricked user who visits a malicious URL. Affected versions of products, including Bamboo, Bitbucket, Confluence, Crowd, Fisheye, Crucible, Jira, and Jira Service Management, must be updated to mitigate this risk.",Atlassian,"Bamboo Server,Bamboo Data Center,Bitbucket Server,Bitbucket Data Center,Confluence Server,Confluence Data Center,Crowd Server,Crowd Data Center,Crucible,Fisheye,Jira Core Server,Jira Software Server,Jira Software Data Center,Jira Service Management Server,Jira Service Management Data Center",8.8,HIGH,0.003659999929368496,false,,false,false,false,,,false,false,,2022-07-20T00:00:00.000Z,0
CVE-2022-26136,https://securityvulnerability.io/vulnerability/CVE-2022-26136,Remote Authentication Bypass Vulnerability in Atlassian Products,"A vulnerability affecting various Atlassian products allows an unauthenticated remote attacker to bypass Servlet Filters utilized by both first and third party applications. The potential impact varies based on the specific filters employed by the applications, leading to possible authentication bypass and cross-site scripting (XSS) exploits. While Atlassian has deployed updates to address the root cause, the comprehensive implications of this vulnerability may not be fully disclosed, highlighting the importance of applying the latest security updates.",Atlassian,"Bamboo Server,Bamboo Data Center,Bitbucket Server,Bitbucket Data Center,Confluence Server,Confluence Data Center,Crowd Server,Crowd Data Center,Crucible,Fisheye,Jira Core Server,Jira Software Server,Jira Software Data Center,Jira Service Management Server,Jira Service Management Data Center",9.8,CRITICAL,0.008580000139772892,false,,false,false,false,,,false,false,,2022-07-20T00:00:00.000Z,0
CVE-2019-15005,https://securityvulnerability.io/vulnerability/CVE-2019-15005,Authorization Bypass in Atlassian Troubleshooting and Support Tools Plugin,"The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 is prone to an authorization bypass vulnerability that enables unprivileged users to perform unauthorized log scans. This flaw allows attackers to send application configuration details to a designated email, potentially exposing sensitive information regarding the application's setup and environment. Affected products include multiple versions of Atlassian’s software suite, making it critical for users to upgrade to mitigate risks associated with this vulnerability.",Atlassian,"Bitbucket Server,Jira Server,Confluence Server,Crowd,Fisheye,Crucible,Bamboo",4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-11-08T00:00:00.000Z,0
CVE-2012-2926,https://securityvulnerability.io/vulnerability/CVE-2012-2926,,"Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.",Atlassian,"Fisheye,Confluence,Jira,Crucible,Crowd,Bamboo,Confluence Server",9.1,CRITICAL,0.46397000551223755,false,,false,false,false,,,false,false,,2012-05-22T15:00:00.000Z,0