[BAM-11316] Bamboo XML Vulnerability

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 3.3.4, 3.4.5, 4.0
Affects Version/s: 3.4.4
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

We have identified and fixed a vulnerability in Bamboo that results from the way third-party XML parsers are used in Bamboo.

This vulnerability allows an attacker to:

Execute denial of service attacks against the Bamboo server, and
Read all local files readable to the system user under which Bamboo runs.

The attacker needs to have an account with the affected Bamboo server instance and be able to log in in order to execute the attack.

All versions of Bamboo up to and including 3.4.4 are affected.

Full details of the severity, risks and vulnerability can be found in the Bamboo Security Advisory 2012-05-17.

mentioned in: Bamboo Security Advisory 2012-05-17; Page No Confluence page found with the given URL.; Page No Confluence page found with the given URL.; Page No Confluence page found with the given URL.; Page No Confluence page found with the given URL.; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Page Loading...

(24 mentioned in)

Jacek Krawczyk (Inactive) made changes - 05/Jan/2023 10:32 AM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 717123 ]

Jacek Krawczyk (Inactive) made changes - 21/Dec/2022 3:59 PM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 717123 ]

Jacek Krawczyk (Inactive) made changes - 16/Dec/2022 5:16 PM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 715528 ]

Jacek Krawczyk (Inactive) made changes - 16/Dec/2022 4:26 PM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 715528 ]

Monique Khairuliana (Inactive) made changes - 19/Aug/2019 2:03 AM

Workflow	Original: Bamboo Workflow 2016 v1 - Restricted [ 1442875 ]	New: JAC Bug Workflow v3 [ 3384202 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

Rachel Robins made changes - 01/Dec/2016 1:02 AM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 235434 ]

New: This issue links to "Page (Atlassian Documentation)" [ 235434 ]

Rachel Robins made changes - 01/Dec/2016 12:54 AM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 235434 ]

Rachel Robins made changes - 30/Nov/2016 10:04 PM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 235209 ]

New: This issue links to "Page (Atlassian Documentation)" [ 235209 ]

Rachel Robins made changes - 30/Nov/2016 9:51 PM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 235209 ]

Michalina made changes - 19/Oct/2016 11:07 PM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 216779 ]

New: This issue links to "Page (Atlassian Documentation)" [ 216779 ]

Assignee:: VitalyA

Reporter:: paulwatson (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 2 Start watching this issue

Created:: 26/Mar/2012 4:53 AM

Updated:: 05/Jan/2023 10:32 AM

Resolved:: 07/May/2012 1:12 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates