[BAM-21215] Accessing the URL /chart?filename=<file_name> exposes sensitive information - CVE-2021-26067 - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Public Security Vulnerability
Status: Published (View Workflow)
Priority: Low
Resolution: Fixed
Affects Version/s: 7.2.1
Fix Version/s: 7.2.2
Component/s: None
Labels:

CVSS Score:
5.3
CVSS Severity:
Medium
CVE ID:
CVE-2021-26067

Description

Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint.

The affected versions are before version 7.2.2.

Affected versions:

version < 7.2.2

Fixed versions:

7.2.2

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 22/Jan/2021 5:27 PM

Updated:: 16/Sep/2021 5:28 AM

Resolved:: 25/Jan/2021 3:56 AM