We have identified and fixed a vulnerability in Bamboo caused by a combination of issues in third-party libraries used in Bamboo, including the FreeMarker template library.

      All versions of Bamboo from 3.0 up are affected.

      This issue is reported in our security advisory on this page:
      http://confluence.atlassian.com/x/MgFTE

      The vulnerability is related to the previously disclosed FreeMarker issue.

            [BAM-10628] Arbitrary file disclosure vulnerability

            MarkC added a comment - - edited

            A binary patch is available:

            1. Copy freemarker-2.3.16-atlassian-11.jar to WEB-INF/lib
            2. Move the existing freemarker jar to a backed up location
            3. Restart Bamboo

            This patch works for all Bamboo versions starting from 3.0
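The jar swap described in the comment above, as an added shell example (not part of the original issue or of Atlassian's patch). The directory arguments are assumptions supplied by the operator; only the patched jar name comes from the page. It moves the old jar out before copying the new one in, so the wildcard never touches the patched file, and it refuses a backup location inside WEB-INF/lib, where the old jar would stay on the classpath.

```shell
#!/bin/sh
# Added example. Usage (all three paths are operator-supplied assumptions):
#   apply_freemarker_patch <bamboo-webapp>/WEB-INF/lib <staged patched jar> <backup dir>
# Restarting Bamboo afterwards (step 3) is left to the operator.
PATCHED_NAME="freemarker-2.3.16-atlassian-11.jar"   # jar name given in the comment

# Print the names of all freemarker jars in a lib directory, one per line.
list_freemarker_jars() {
    for f in "$1"/freemarker*.jar; do
        [ -e "$f" ] && basename "$f"
    done
    return 0
}

# Succeeds only if the patched jar is the single freemarker jar present.
verify_freemarker_patch() {
    [ "$(list_freemarker_jars "$1")" = "$PATCHED_NAME" ]
}

apply_freemarker_patch() {
    lib_dir=$1; patched_jar=$2; backup_dir=$3
    [ -d "$lib_dir" ] || { echo "no such lib dir: $lib_dir" >&2; return 2; }
    [ -f "$patched_jar" ] || { echo "patched jar not found" >&2; return 2; }
    [ "$(basename "$patched_jar")" = "$PATCHED_NAME" ] ||
        { echo "unexpected jar name" >&2; return 2; }
    # A backup under WEB-INF/lib would leave the old jar loadable.
    # (Plain string comparison: pass absolute paths.)
    case "$backup_dir/" in
        "$lib_dir"/*) echo "backup dir must be outside $lib_dir" >&2; return 2 ;;
    esac
    mkdir -p "$backup_dir" || return 1
    # Step 2: move every existing freemarker jar except the patched one.
    for f in "$lib_dir"/freemarker*.jar; do
        [ -e "$f" ] || continue
        [ "$(basename "$f")" = "$PATCHED_NAME" ] && continue
        mv "$f" "$backup_dir"/ || return 1
    done
    # Step 1: install the patched jar, then confirm it is the only one left.
    cp "$patched_jar" "$lib_dir/$PATCHED_NAME" || return 1
    verify_freemarker_patch "$lib_dir"
}
```

Running verify_freemarker_patch on its own against WEB-INF/lib is a quick audit for instances that were patched by hand.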


              vosipov VitalyA
              pwatson paulwatson (Inactive)