Details
-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Medium
-
Resolution: Fixed
-
Affects Version/s: 2.4, 2.5, 2.6, 2.7, 3.0, 3.1
-
Component/s: Security
-
Labels:None
-
Bug Fix Policy:
Description
We have identified and fixed an OS command injection vulnerability in the third-party Perforce library used by Bamboo.
- An attacker can take advantage of the vulnerability to execute arbitrary commands on a Bamboo server.
This issue is reported in our security advisory on this page:
http://confluence.atlassian.com/x/lwH6Dw
Patch is available, see the attached file.