[BAM-10628] Arbitrary file disclosure vulnerability

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 3.3.4, 3.4.3, 4.0 M1
Affects Version/s: None
Component/s: Security
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

We have identified and fixed a vulnerability in Bamboo caused by a combination of issues in third-party libraries, including FreeMarker template library, used in Bamboo.

All versions of Bamboo from 3.0 up are affected.

This issue is reported in our security advisory on this page:
http://confluence.atlassian.com/x/MgFTE

The vulnerability is related to the previously disclosed FreeMarker issue.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

freemarker-2.3.16-atlassian-11.jar
825 kB
17/Jan/2012 6:43 AM

MarkC added a comment - 17/Jan/2012 6:26 AM - edited

A binary patch is available:

Copy freemarker-2.3.16-atlassian-11.jar to WEB-INF/lib
Move the existing freemarker jar to a backed up location
Restart Bamboo

This patch works for all Bamboo versions starting from 3.0

MarkC added a comment - 17/Jan/2012 6:26 AM - edited A binary patch is available: Copy freemarker-2.3.16-atlassian-11.jar to WEB-INF/lib Move the existing freemarker jar to a backed up location Restart Bamboo This patch works for all Bamboo versions starting from 3.0

Assignee:: VitalyA

Reporter:: paulwatson (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 1 Start watching this issue

Created:: 17/Jan/2012 12:31 AM

Updated:: 19/Aug/2019 2:02 AM

Resolved:: 31/Jan/2012 6:35 AM

Bamboo Data Center

Details

Description

Attachments

Attachments

Forms

Activity

Collapse comment: MarkC added a comment - 17/Jan/2012 6:26 AM, Edited by VitalyA - 23/Jan/2012 3:16 AM

Expand comment: MarkC added a comment - 17/Jan/2012 6:26 AM, Edited by VitalyA - 23/Jan/2012 3:16 AM

People

Dates