Cross-Site Request Forgery Vulnerability in Atlassian Bamboo
CVE-2017-18042

8.8HIGH

Key Information:

Vendor: Atlassian
Status: Bamboo
Vendor: CVE Published:; 2 February 2018

What is CVE-2017-18042?

A vulnerability exists in Atlassian Bamboo prior to version 6.3.1, enabling remote attackers to exploit Cross-Site Request Forgery (CSRF) to alter user data, including sensitive information such as passwords. This flaw potentially exposes user accounts to unauthorized access and manipulation, emphasizing the need for proper input validation and security measures to protect against CSRF attacks.

Affected Version(s)

Bamboo prior to 6.3.1

References

http://www.securityfocus.com/bid/103110

vdb-entryx_refsource_BID

https://jira.atlassian.com/browse/BAM-19663

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 2, 2018
Vulnerability Reserved
Jan 17, 2018