• Type: Public Security Vulnerability
• Resolution: Fixed
• Priority: Low
• Fix Version/s: 7.2.2
• Affects Version/s: 7.2.1
• Component/s: None
• Labels:

  • CVE-2021-26067
  • advisory
  • advisory-released
  • dont-import
  • security

[BAM-21215] Accessing the URL /chart?filename=<file_name> exposes sensitive information - CVE-2021-26067

Security Metrics Bot made changes - 16/Sep/2021 5:28 AM

CVE ID

New: CVE-2021-26067

AB made changes - 28/Jan/2021 1:45 AM

Labels

Original: advisory advisory-released dont-import security

New: CVE-2021-26067 advisory advisory-released dont-import security

AB made changes - 28/Jan/2021 1:45 AM

Summary

Original: Accessing the URL /chart?filename=<file_name> exposes sensitive information - CVE-PENDING

New: Accessing the URL /chart?filename=<file_name> exposes sensitive information - CVE-2021-26067

AB made changes - 25/Jan/2021 3:56 AM

Security

Original: Atlassian Staff [ 10750 ]

AB made changes - 25/Jan/2021 3:56 AM

Resolution		New: Fixed [ 1 ]
Status	Original: Draft [ 12872 ]	New: Published [ 12873 ]

AB made changes - 25/Jan/2021 3:55 AM

Labels

Original: advisory advisory-to-release dont-import security

New: advisory advisory-released dont-import security

AB made changes - 25/Jan/2021 3:45 AM

Description

Original: Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the {{tmp}} directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. The affected versions are before version 7.2.2.   *Affected versions:*  * version < 7.2.2 *Fixed versions:*  * 7.2.2

New: Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the {{tmp}} directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. The affected versions are before version 7.2.2.  *Affected versions:*  * version < 7.2.2 *Fixed versions:*  * 7.2.2

AB made changes - 25/Jan/2021 3:45 AM

Description

Original: This vulnerability affects certain versions of Atlassian Dev Tools. Please describe the impact of the vulnerability here. No known vulnerability could be read off of the parent.

New: Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the {{tmp}} directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. The affected versions are before version 7.2.2.   *Affected versions:*  * version < 7.2.2 *Fixed versions:*  * 7.2.2

AB made changes - 25/Jan/2021 3:30 AM

Summary

Original: Accessing the URL /chart?filename=<file_name> exposes sensitive information

New: Accessing the URL /chart?filename=<file_name> exposes sensitive information - CVE-PENDING

Security Metrics Bot made changes - 22/Jan/2021 5:27 PM

Labels

New: advisory advisory-to-release dont-import security

Security Metrics Bot created issue - 22/Jan/2021 5:27 PM