cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-21689,https://securityvulnerability.io/vulnerability/CVE-2024-21689,High Severity RCE Vulnerability Affects Atlassian Bamboo Data Center and Server Versions,"A remote code execution vulnerability exists in Bamboo Data Center and Server versions 9.1.0 through 9.6.0, allowing an authenticated attacker to execute arbitrary code. This vulnerability directly impacts confidentiality, integrity, and availability. User interaction is required for exploitation, which underscores the importance of actively maintaining up-to-date software. Users are strongly advised to upgrade to supported fixed versions, specifically Bamboo Data Center and Server 9.2.17 or later, or Bamboo Data Center and Server 9.6.5 or later. Details and downloads are available on Atlassian's official site and through their release notes.",Atlassian,"Bamboo Data Center,Bamboo Server",7.6,HIGH,0.0004299999854993075,false,false,false,true,true,false,false,2024-08-20T10:00:00.967Z,0
CVE-2024-21687,https://securityvulnerability.io/vulnerability/CVE-2024-21687,File Inclusion Vulnerability in Bamboo Data Center and Server by Atlassian,"A file inclusion vulnerability was identified in versions 9.0.0 to 9.6.0 of Bamboo Data Center and Server. An authenticated attacker can exploit this vulnerability to manipulate the application into accessing and displaying the contents of local files on the server. The potential consequences include significant risks to confidentiality and integrity of sensitive data, while availability remains unaffected. No user interaction is needed for an attack to succeed. Atlassian advises users to promptly update to the latest version or to one of the mentioned supported fixed versions. 
Detailed upgrade instructions can be found in the Bamboo release notes and the official download center.",Atlassian,"Bamboo Data Center,Bamboo Server",8.1,HIGH,0.0004299999854993075,false,true,false,false,,false,false,2024-07-16T21:15:00.000Z,0
CVE-2023-22516,https://securityvulnerability.io/vulnerability/CVE-2023-22516,Remote Code Execution Vulnerability in Bamboo Data Center and Server by Atlassian,"A Remote Code Execution vulnerability has been identified in Bamboo Data Center and Server versions 8.1.0 through 9.3.0, allowing authenticated attackers to execute arbitrary code without user interaction. This vulnerability poses significant risks, affecting confidentiality, integrity, and availability. It is crucial for users on affected versions to upgrade immediately to the latest release or a specified fixed version to mitigate potential exploitation. For guidance on upgrades, please refer to Atlassian's official documentation.",Atlassian,"Bamboo Data Center,Bamboo Server",8.5,HIGH,0.0017900000093504786,false,false,false,false,,false,false,2023-11-21T18:15:00.000Z,0
CVE-2023-22506,https://securityvulnerability.io/vulnerability/CVE-2023-22506,Remote Code Execution Vulnerability in Bamboo Data Center by Atlassian,"An injection and remote code execution vulnerability has been identified in Bamboo Data Center, allowing authenticated attackers to modify system calls and execute arbitrary code. This security flaw impacts the confidentiality, integrity, and availability of systems without requiring user interaction. 
Atlassian strongly advises updating to the latest version or at least to patched versions 9.2.3 or 9.3.1 to safeguard against potential exploits.",Atlassian,"Bamboo Data Center,Bamboo Server",8.8,HIGH,0.0011500000255182385,false,false,false,false,,false,false,2023-07-19T00:15:00.000Z,0
CVE-2022-26137,https://securityvulnerability.io/vulnerability/CVE-2022-26137,,"A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim’s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. 
Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.",Atlassian,"Bamboo Server,Bamboo Data Center,Bitbucket Server,Bitbucket Data Center,Confluence Server,Confluence Data Center,Crowd Server,Crowd Data Center,Crucible,Fisheye,Jira Core Server,Jira Software Server,Jira Software Data Center,Jira Service Management Server,Jira Service Management Data Center",8.8,HIGH,0.0032999999821186066,false,false,false,false,,false,false,2022-07-20T00:00:00.000Z,0
CVE-2022-26136,https://securityvulnerability.io/vulnerability/CVE-2022-26136,,"A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. 
Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.",Atlassian,"Bamboo Server,Bamboo Data Center,Bitbucket Server,Bitbucket Data Center,Confluence Server,Confluence Data Center,Crowd Server,Crowd Data Center,Crucible,Fisheye,Jira Core Server,Jira Software Server,Jira Software Data Center,Jira Service Management Server,Jira Service Management Data Center",9.8,CRITICAL,0.007739999797195196,false,false,false,false,,false,false,2022-07-20T00:00:00.000Z,0
CVE-2019-15005,https://securityvulnerability.io/vulnerability/CVE-2019-15005,,"The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center before 8.3.2, Crowd / Crowd Data Center before 3.6.0, Fisheye before 4.7.2, Crucible before 4.7.2, and Bamboo before 6.10.2.",Atlassian,"Bitbucket Server,Jira Server,Confluence Server,Crowd,Fisheye,Crucible,Bamboo",4.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2019-11-08T00:00:00.000Z,0
CVE-2012-2926,https://securityvulnerability.io/vulnerability/CVE-2012-2926,,"Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource 
consumption) via unspecified vectors.",Atlassian,"Fisheye,Confluence,Jira,Crucible,Crowd,Bamboo,Confluence Server",9.1,CRITICAL,0.46397000551223755,false,false,false,false,,false,false,2012-05-22T15:00:00.000Z,0