cpe:2.3:a:atlassian:bamboo:5.4.1:*:*:*:*:*:*:*

part: a version: 5.4.1 update: *

Vendor: Atlassian (8acde0d4-2b83-5bd8-8d3f-60d59e0b022e)
Product: Bamboo (57de54a8-839e-59e5-94c6-5bee320af648)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2017-8907 vulnerable 2026-06-03 14:37:40.810427 Details available
Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. An attacker who can login to Bamboo as a user without the edit permission for deployment projects is able to use this vulnerability, provided there is an existing plan with a green build, to create a deployment project and execute arbitrary code on an available Bamboo Agent. By default a local agent is enabled; this means that code execution can occur on the system hosting Bamboo as the user running Bamboo.
Published: 2017-06-14T20:00:00.000Z
Updated: 2024-10-16T13:45:59.898Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-8361 vulnerable 2026-06-03 14:35:11.737046 Details available
Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port.
Published: 2016-02-08T19:00:00.000Z
Updated: 2024-08-06T08:13:32.335Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-8360 vulnerable 2026-06-03 14:35:11.725760 Details available
An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port.
Published: 2016-02-08T19:00:00.000Z
Updated: 2024-08-06T08:13:32.642Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-9757 vulnerable 2026-06-03 14:34:28.243214 Details available
The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message.
Published: 2016-02-08T19:00:00.000Z
Updated: 2024-08-06T13:55:04.539Z
Imported from gcve-enriched-dumps CVE data
