Filtered by vendor Atlassian
Subscriptions
Filtered by product Bamboo
Subscriptions
Total
22 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5229 | 1 Atlassian | 1 Bamboo | 2024-08-06 | N/A |
| Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization. | ||||
| CVE-2017-9514 | 1 Atlassian | 1 Bamboo | 2024-08-05 | N/A |
| Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on systems that have vulnerable versions of Bamboo. | ||||