Every CVE whose affected-product data names Atlassian Bamboo, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (24)
CVE-2016-5229 — CVSS 9.8 (critical): Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote…
CVE-2022-26136 — CVSS 9.8 (critical): A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third…
CVE-2015-8360 — CVSS 9.8 (critical): An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code…
CVE-2014-9757 — CVSS 9.8 (critical): The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP…
CVE-2017-14589 — CVSS 9.6 (critical): It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted…
CVE-2012-2926 — CVSS 9.1 (critical): Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6…
CVE-2015-8361 — CVSS 9.1 (critical): Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote…
CVE-2017-14590 — CVSS 9.1 (critical): Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to…
CVE-2018-5224 — CVSS 8.8 (high): Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider…
CVE-2015-6576 — CVSS 8.8 (high): Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java…
CVE-2017-18042 — CVSS 8.8 (high): The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including…
CVE-2017-18080 — CVSS 8.8 (high): The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a…
CVE-2023-22516 — CVSS 8.8 (high): This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of…
CVE-2022-26137 — CVSS 8.8 (high): A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked…
CVE-2017-8907 — CVSS 8.8 (high): Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit…
CVE-2017-9514 — CVSS 8.8 (high): Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently…
CVE-2024-21687 — CVSS 8.1 (high): This High severity File Inclusion vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0 and 9.6.0 of Bamboo…
CVE-2024-21689 — CVSS 8.0 (high): This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0…
CVE-2017-18081 — CVSS 6.1 (medium): The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross…
CVE-2017-18082 — CVSS 5.4 (medium): The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or…
CVE-2017-18041 — CVSS 5.4 (medium): The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary…
CVE-2017-18040 — CVSS 5.4 (medium): The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or…
CVE-2021-26067 — CVSS 5.3 (medium): Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home…
CVE-2019-15005 — CVSS 4.3 (medium): The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans…