
Cross-site request forgery (CSRF) in the update user administration resource - CVE-2017-18042

      The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.

            [BAM-19663] Cross-site request forgery (CSRF) in the update user administration resource - CVE-2017-18042

            Monique Khairuliana (Inactive) made changes -
            Workflow Original: Bamboo Workflow 2016 v1 - Restricted [ 2594777 ] New: JAC Bug Workflow v3 [ 3384734 ]
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            Owen made changes -
            Symptom Severity Original: Major [ 14431 ] New: Severity 2 - Major [ 15831 ]
            David Black made changes -
            Labels Original: CVE-2017-18042 advisory advisory-to-release bamboo-bugfix-kanban bugbounty csrf cvss-high security xsrf New: CVE-2017-18042 advisory advisory-released bamboo-bugfix-kanban bugbounty csrf cvss-high security xsrf
            David Black made changes -
            Priority Original: Low [ 4 ] New: High [ 2 ]
            David Black made changes -
            Security Original: Atlassian Staff [ 10750 ]
            David Black made changes -
            Labels Original: advisory advisory-to-release bamboo-bugfix-kanban bugbounty csrf cvss-high security xsrf New: CVE-2017-18042 advisory advisory-to-release bamboo-bugfix-kanban bugbounty csrf cvss-high security xsrf
            David Black made changes -
            Summary Original: Sanitised security issue 3687190497d78cdcbcff1d1feadbb9eeecbdbbf2accdd992cc83566c8eb184d9 New: Cross-site request forgery (CSRF) in the update user administration resource - CVE-2017-18042
            David Black made changes -
            Description Original: Component in Atlassian Bamboo from version None before version 6.3.1 allows remote attackers to modify <INSERT_HERE> via a Cross-site request forgery (CSRF) vulnerability. New: The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.
            David Black made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Needs Triage [ 10030 ] New: Resolved [ 5 ]
            David Black made changes -
            Fix Version/s New: 6.3.1 [ 76995 ]

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot