|Number of vulnerabilities||1|
|CVE ID||CVE-2017-18080|
|CWE ID||CWE-352|
|Public exploit||Not available|
|Vulnerable software versions||Atlassian Bamboo 6.3.0|
The vulnerability allows a remote unauthenticated attacker to perform a cross-site request forgery (CSRF) attack.
The weakness exists due to improper validation of user-supplied input by the saveConfigureSecurity resource. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and perform arbitrary actions.
Update to version 6.3.1.