-
Bug
-
Resolution: Fixed
-
High
-
None
-
None
-
Severity 2 - Major
-
The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.
[BAM-19663] Cross-site request forgery (CSRF) in the update user administration resource - CVE-2017-18042
| Workflow | Original: Bamboo Workflow 2016 v1 - Restricted [ 2594777 ] | New: JAC Bug Workflow v3 [ 3384734 ] |
| Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
| Symptom Severity | Original: Major [ 14431 ] | New: Severity 2 - Major [ 15831 ] |
| Labels | Original: CVE-2017-18042 advisory advisory-to-release bamboo-bugfix-kanban bugbounty csrf cvss-high security xsrf | New: CVE-2017-18042 advisory advisory-released bamboo-bugfix-kanban bugbounty csrf cvss-high security xsrf |
| Priority | Original: Low [ 4 ] | New: High [ 2 ] |
| Security | Original: Atlassian Staff [ 10750 ] |
| Labels | Original: advisory advisory-to-release bamboo-bugfix-kanban bugbounty csrf cvss-high security xsrf | New: CVE-2017-18042 advisory advisory-to-release bamboo-bugfix-kanban bugbounty csrf cvss-high security xsrf |
| Summary | Original: Sanitised security issue 3687190497d78cdcbcff1d1feadbb9eeecbdbbf2accdd992cc83566c8eb184d9 | New: Cross-site request forgery (CSRF) in the update user administration resource - CVE-2017-18042 |
| Description | Original: Component in Atlassian Bamboo from version None before version 6.3.1 allows remote attackers to modify <INSERT_HERE> via a Cross-site request forgery (CSRF) vulnerability. | New: The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability. |
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: Needs Triage [ 10030 ] | New: Resolved [ 5 ] |
| Fix Version/s | New: 6.3.1 [ 76995 ] |