Uploaded image for project: 'Bamboo'
  1. Bamboo
  2. BAM-11316

Bamboo XML Vulnerability

    XMLWordPrintable

    Details

      Description

      We have identified and fixed a vulnerability in Bamboo that results from the way third-party XML parsers are used in Bamboo.

      This vulnerability allows an attacker to:

      • Execute denial of service attacks against the Bamboo server, and
      • Read all local files readable to the system user under which Bamboo runs.

      The attacker needs to have an account with the affected Bamboo server instance and be able to log in in order to execute the attack.

      All versions of Bamboo up to and including 3.4.4 are affected.

      Full details of the severity, risks and vulnerability can be found in the Bamboo Security Advisory 2012-05-17.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Last commented:
                  7 years, 5 weeks, 3 days ago