Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-10628

Arbitrary file disclosure vulnerability

XMLWordPrintable

      We have identified and fixed a vulnerability in Bamboo caused by a combination of issues in third-party libraries, including FreeMarker template library, used in Bamboo.

      All versions of Bamboo from 3.0 up are affected.

      This issue is reported in our security advisory on this page:
      http://confluence.atlassian.com/x/MgFTE

      The vulnerability is related to the previously disclosed FreeMarker issue.

        1. freemarker-2.3.16-atlassian-11.jar
          825 kB

            [BAM-10628] Arbitrary file disclosure vulnerability

            Monique Khairuliana (Inactive) made changes -
            Workflow Original: Bamboo Workflow 2016 v1 - Restricted [ 1441994 ] New: JAC Bug Workflow v3 [ 3383085 ]
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            David Black made changes -
            Labels Original: advisory cvss-critical security New: advisory advisory-released cvss-critical security
            Owen made changes -
            Workflow Original: Bamboo Workflow 2016 v1 [ 1418642 ] New: Bamboo Workflow 2016 v1 - Restricted [ 1441994 ]
            Marek Went (Inactive) made changes -
            Workflow Original: Bamboo Workflow 2014 v2 [ 610380 ] New: Bamboo Workflow 2016 v1 [ 1418642 ]
            Security Metrics Bot made changes -
            Labels Original: advisory security New: advisory cvss-critical security
            James Dumay made changes -
            Workflow Original: Bamboo Workflow 2014 [ 593049 ] New: Bamboo Workflow 2014 v2 [ 610380 ]
            James Dumay made changes -
            Workflow Original: Bamboo Workflow 2010 [ 360957 ] New: Bamboo Workflow 2014 [ 593049 ]
            VitalyA made changes -
            Description Original: We have identified and fixed a vulnerability in Bamboo caused by an underlying vulnerability in the third-party FreeMarker template library used in Bamboo.

            All versions of Bamboo from 3.0 up are affected.

            This issue is reported in our security advisory on this page:
            http://confluence.atlassian.com/x/MgFTE

            The vulnerability is related to the [previously disclosed|http://freemarker.sourceforge.net/docs/versions_2_3_17.html#autoid_137] FreeMarker issue.             		New: We have identified and fixed a vulnerability in Bamboo caused by a combination of issues in third-party libraries, including FreeMarker template library, used in Bamboo.

            All versions of Bamboo from 3.0 up are affected.

            This issue is reported in our security advisory on this page:
            http://confluence.atlassian.com/x/MgFTE

            The vulnerability is related to the [previously disclosed|http://freemarker.sourceforge.net/docs/versions_2_3_17.html#autoid_137] FreeMarker issue.
            VitalyA made changes -
            Fix Version/s New: 4.0 M1 [ 22493 ]
            VitalyA made changes -
            Security Original: Reporters and Developers [ 10070 ]

              vosipov VitalyA
              pwatson paulwatson (Inactive)
              Affected customers:
              0 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: