We have identified and fixed a code injection vulnerability in Bamboo caused by an underlying vulnerability in the third-party Webwork 2 framework.

All versions of Bamboo from 3.0 up are affected.

This issue is reported in our security advisory on this page:
http://confluence.atlassian.com/x/MgFTE

This vulnerability is a variant of a recently disclosed Struts2 vulnerability.

[BAM-10627] Code injection vulnerability

            Monique Khairuliana (Inactive) made changes -
            Workflow Original: Bamboo Workflow 2016 v1 - Restricted [ 1435408 ] New: JAC Bug Workflow v3 [ 3379492 ]
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            David Black made changes -
            Labels Original: advisory cvss-critical security New: advisory advisory-released cvss-critical security
            Owen made changes -
            Workflow Original: Bamboo Workflow 2016 v1 [ 1410107 ] New: Bamboo Workflow 2016 v1 - Restricted [ 1435408 ]
            Marek Went (Inactive) made changes -
            Workflow Original: Bamboo Workflow 2014 v2 [ 610385 ] New: Bamboo Workflow 2016 v1 [ 1410107 ]
            Security Metrics Bot made changes -
            Labels Original: advisory security New: advisory cvss-critical security
            James Dumay made changes -
            Workflow Original: Bamboo Workflow 2014 [ 593054 ] New: Bamboo Workflow 2014 v2 [ 610385 ]
            James Dumay made changes -
            Workflow Original: Bamboo Workflow 2010 [ 360955 ] New: Bamboo Workflow 2014 [ 593054 ]
            VitalyA made changes -
            Fix Version/s Original: 4.0 M1 [ 22493 ]
            Resolution New: Fixed [ 1 ]
            Status Original: Open [ 1 ] New: Resolved [ 5 ]
            VitalyA made changes -
            Fix Version/s New: 4.0 M1 [ 22493 ]
            VitalyA made changes -
            Fix Version/s Original: 4.0 M1 [ 22493 ]

              vosipov VitalyA
              pwatson paulwatson (Inactive)