Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 5.2.2
Affects Version/s: None
Component/s: None
Labels:
- advisory
- security

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

We have identified and fixed a vulnerability in Bamboo which allowed unauthenticated users to commit actions on behalf of any other authorised user. In order to exploit this vulnerability, an attacker requires access to your Bamboo web interface.

A Bamboo server is only vulnerable if it has been configured to be a part of an Application link with Trusted Applications authentication. This is not the default configuration.

The vulnerability affects all supported versions of Bamboo up to and including 5.2.1. It has been fixed in 5.2.2.

For more information, see our security advisory.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

patch_bamboo_5_2_1.tar.gz
178 kB
08/Dec/2013 9:28 PM
patch_bamboo_5_1_1.tar.gz
178 kB
08/Dec/2013 9:28 PM
patch_bamboo_5_0_1.tar.gz
178 kB
08/Dec/2013 9:28 PM

Issue Links

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(16 mentioned in)

Activity

People

Assignee:: Unassigned

Reporter:: Renan Battaglin

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 21/Nov/2013 5:20 AM

Updated:: 05/Jan/2023 10:32 AM

Resolved:: 21/Nov/2013 11:46 PM