• Type: Bug
• Resolution: Fixed
• Priority: Medium
• Fix Version/s: 3.1.1, 3.2
• Affects Version/s: 2.4, 2.5, 2.6, 2.7, 3.0, 3.1
• Component/s: Security
• Labels:

  None

1. p4java-0.7.5-atlassian-6.jar

   124 kB

   27/Oct/2011 12:07 AM

[BAM-10030] OS command injection vulnerability in Perforce library

Monique Khairuliana (Inactive) made changes - 19/Aug/2019 1:58 AM

Workflow	Original: Bamboo Workflow 2016 v1 - Restricted [ 1435853 ]	New: JAC Bug Workflow v3 [ 3379850 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

Owen made changes - 07/Jul/2016 3:48 AM

Workflow

Original: Bamboo Workflow 2016 v1 [ 1408331 ]

New: Bamboo Workflow 2016 v1 - Restricted [ 1435853 ]

Marek Went (Inactive) made changes - 16/Jun/2016 10:18 AM

Workflow

Original: Bamboo Workflow 2014 v2 [ 608717 ]

New: Bamboo Workflow 2016 v1 [ 1408331 ]

James Dumay made changes - 17/Jan/2014 12:00 AM

Workflow

Original: Bamboo Workflow 2014 [ 598210 ]

New: Bamboo Workflow 2014 v2 [ 608717 ]

James Dumay made changes - 15/Jan/2014 1:33 AM

Workflow

Original: Bamboo Workflow 2010 [ 351516 ]

New: Bamboo Workflow 2014 [ 598210 ]

paulwatson (Inactive) made changes - 22/Nov/2011 6:07 AM

Security

Original: Reporters and Developers [ 10070 ]

VitalyA made changes - 03/Nov/2011 4:16 AM

Description

Original: We have identified and fixed an OS command injection vulnerability in the Perforce library used by Bamboo. * An attacker might take advantage of the vulnerability to execute arbitrary commands on a Bamboo server. This issue is reported in our security advisory on this page: http://confluence.atlassian.com/x/lwH6Dw You can read more about shell injection attacks at cgisecurity, CERT and other places on the web: * http://www.cgisecurity.com/xss-faq.html * http://www.cert.org/advisories/CA-2000-02.html

New: We have identified and fixed an OS command injection vulnerability in the third-party Perforce library used by Bamboo. * An attacker can take advantage of the vulnerability to execute arbitrary commands on a Bamboo server. This issue is reported in our security advisory on this page: http://confluence.atlassian.com/x/lwH6Dw Patch is available, see the attached file.

VitalyA made changes - 31/Oct/2011 6:27 AM

Description	Original: We have identified and fixed a shell injection vulnerability in the Perforce library used by Bamboo. * An attacker might take advantage of the vulnerability to execute arbitrary commands on a Bamboo server. This issue is reported in our security advisory on this page: http://confluence.atlassian.com/x/lwH6Dw You can read more about shell injection attacks at cgisecurity, CERT and other places on the web: * http://www.cgisecurity.com/xss-faq.html * http://www.cert.org/advisories/CA-2000-02.html	New: We have identified and fixed an OS command injection vulnerability in the Perforce library used by Bamboo. * An attacker might take advantage of the vulnerability to execute arbitrary commands on a Bamboo server. This issue is reported in our security advisory on this page: http://confluence.atlassian.com/x/lwH6Dw You can read more about shell injection attacks at cgisecurity, CERT and other places on the web: * http://www.cgisecurity.com/xss-faq.html * http://www.cert.org/advisories/CA-2000-02.html
Summary	Original: Shell injection vulnerability in Perforce library	New: OS command injection vulnerability in Perforce library

paulwatson (Inactive) made changes - 27/Oct/2011 12:08 AM

Attachment

Original: undefined [ 53971 ]

paulwatson (Inactive) made changes - 27/Oct/2011 12:07 AM

Attachment

New: p4java-0.7.5-atlassian-6.jar [ 53972 ]

Load more older history items