Search
Search Results (27 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-5224 | 2 Atlassian, Microsoft | 2 Bamboo, Windows | 2024-11-21 | N/A |
| Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Mercurial repository, or create a plan in Bamboo either globally or in a project using Bamboo Specs can can execute code of their choice on systems that run a vulnerable version of Bamboo on the Windows operating system. All versions of Bamboo starting with 2.7.0 before 6.3.3 (the fixed version for 6.3.x) and from version 6.4.0 before 6.4.1 (the fixed version for 6.4.x) running on the Windows operating system are affected by this vulnerability. | ||||
| CVE-2017-18082 | 1 Atlassian | 1 Bamboo | 2024-11-21 | N/A |
| The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch. | ||||
| CVE-2017-18081 | 1 Atlassian | 1 Bamboo | 2024-11-21 | N/A |
| The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie. | ||||
| CVE-2017-18080 | 1 Atlassian | 1 Bamboo | 2024-11-21 | N/A |
| The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability. | ||||
| CVE-2017-18042 | 1 Atlassian | 1 Bamboo | 2024-11-21 | N/A |
| The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability. | ||||
| CVE-2017-18041 | 1 Atlassian | 1 Bamboo | 2024-11-21 | N/A |
| The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. | ||||
| CVE-2017-18040 | 1 Atlassian | 1 Bamboo | 2024-11-21 | N/A |
| The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. | ||||