The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.
[
{
"product": "Bamboo",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "prior to 6.3.1"
}
]
}
]