Skip to main content

Bamboo

18 CVEs product

Monthly

CVE-2024-21689 HIGH This Week

This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian Bamboo
NVD
CVSS 3.1
8.0
EPSS
2.5%
CVE-2024-21687 HIGH This Week

This High severity File Inclusion vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0 and 9.6.0 of Bamboo Data Center and Server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

LFI PHP Information Disclosure Atlassian Bamboo
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-22516 HIGH This Week

This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java RCE Atlassian Bamboo
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-26137 HIGH PATCH This Week

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Atlassian Bamboo Bitbucket Confluence Data Center +8
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-26136 CRITICAL PATCH Act Now

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Atlassian XSS Bamboo Bitbucket +9
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2021-26067 MEDIUM This Month

Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Bamboo
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2019-15005 MEDIUM This Month

The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Troubleshooting And Support Bamboo Bitbucket +5
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2018-5224 HIGH This Week

Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Bamboo
NVD
CVSS 3.0
8.8
EPSS
2.8%
CVE-2017-14590 CRITICAL PATCH Act Now

Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Bamboo
NVD
CVSS 3.0
9.1
EPSS
0.5%
CVE-2017-14589 CRITICAL Act Now

It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Bamboo
NVD
CVSS 3.0
9.6
EPSS
0.3%
CVE-2017-9514 HIGH This Week

Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Bamboo
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2015-6576 HIGH This Week

Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Java Bamboo
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2017-8907 HIGH This Week

Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Atlassian Authentication Bypass Bamboo
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2016-5229 CRITICAL Act Now

Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian RCE Authentication Bypass Bamboo
NVD
CVSS 3.0
9.8
EPSS
6.0%
CVE-2015-8361 CRITICAL PATCH Act Now

Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Authentication Bypass Bamboo
NVD
CVSS 3.0
9.1
EPSS
0.5%
CVE-2015-8360 CRITICAL PATCH Act Now

An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian RCE Java Bamboo
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2014-9757 CRITICAL PATCH Act Now

The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian RCE Java Bamboo
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2012-2926 CRITICAL POC PATCH THREAT Act Now

Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 67.6%.

Denial Of Service Atlassian Bamboo Confluence Confluence Server +4
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
67.6%
Threat
5.3
EPSS 2% CVSS 8.0
HIGH This Week

This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian +1
NVD
EPSS 1% CVSS 8.1
HIGH This Week

This High severity File Inclusion vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0 and 9.6.0 of Bamboo Data Center and Server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

LFI PHP Information Disclosure +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java RCE Atlassian +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Atlassian Bamboo +10
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Atlassian XSS +11
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Bamboo
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Troubleshooting And Support +7
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Bamboo
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Bamboo
NVD
EPSS 0% CVSS 9.6
CRITICAL Act Now

It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Bamboo
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Bamboo
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Java +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Atlassian Authentication Bypass +1
NVD
EPSS 6% CVSS 9.8
CRITICAL Act Now

Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian RCE Authentication Bypass +1
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Authentication Bypass Bamboo
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian RCE Java +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian RCE Java +1
NVD
EPSS 68% 5.3 CVSS 9.1
CRITICAL POC PATCH THREAT Act Now

Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 67.6%.

Denial Of Service Atlassian Bamboo +6
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy