Cross-Site Request Forgery Vulnerability in Atlassian Bamboo by Atlassian
CVE-2017-18080

8.8HIGH

Key Information:

Vendor: Atlassian
Status: Bamboo
Vendor: CVE Published:; 2 February 2018

Summary

A vulnerability in Atlassian Bamboo allows remote attackers to exploit the saveConfigureSecurity resource, enabling them to modify security settings without appropriate authorization. This flaw impacts versions prior to 6.3.1, making it crucial for users to ensure they are using the latest version to protect against possible unauthorized changes to security configurations.

Affected Version(s)

Bamboo prior to 6.3.1

References

https://jira.atlassian.com/browse/BAM-19664

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 2, 2018
Vulnerability Reserved
Feb 1, 2018