Product
atlassian bamboo
24 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-21689
>= 9.1.0 and < 9.2.17
This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.
8.0
HIGH
CVE-2024-21687
>= 9.0.0 and <= 9.0.4
This High severity File Inclusion vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0 and 9.6.0 of B
8.1
HIGH
CVE-2023-22516
>= 8.1.0 and < 9.2.7
This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3
8.8
HIGH
CVE-2022-26137
>= 7.2.0 and < 7.2.10
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be
8.8
HIGH
CVE-2022-26136
>= 7.2.0 and < 7.2.10
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first a
9.8
CRITICAL
CVE-2021-26067
< 7.2.2
Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for
5.3
MEDIUM
CVE-2019-15005
< 6.10.2
The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic lo
4.3
MEDIUM
CVE-2018-5224
>= 2.7.0 and < 6.3.3
Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may con
8.8
HIGH
CVE-2017-18082
< 6.2.3
The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or
5.4
MEDIUM
CVE-2017-18081
< 6.3.1
The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript vi
6.1
MEDIUM
CVE-2017-18080
< 6.3.1
The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings vi
8.8
HIGH
CVE-2017-18042
< 6.3.1
The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data inclu
8.8
HIGH
CVE-2017-18041
< 6.2.0
The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbi
5.4
MEDIUM
CVE-2017-18040
< 6.2
The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTM
5.4
MEDIUM
CVE-2017-14590
>= 2.7.0 and < 6.1.6
Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permis
9.1
CRITICAL
CVE-2017-14589
< 6.1.6
It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has re
9.6
CRITICAL
CVE-2017-9514
all versions
Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficient
8.8
HIGH
CVE-2015-6576
>= 2.2 and < 5.8.5
Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrar
8.8
HIGH
CVE-2017-8907
all versions
Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the ed
8.8
HIGH
CVE-2016-5229
<= 5.11.3
Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allow
9.8
CRITICAL
CVE-2015-8361
all versions
Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allow
9.1
CRITICAL
CVE-2015-8360
all versions
An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Jav
9.8
CRITICAL
CVE-2014-9757
all versions
The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XM
9.8
CRITICAL
CVE-2012-2926
< 3.3.4
Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8,
9.1
CRITICAL
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin