[BAM-15427] OGNL Double Evaluation Vulnerability

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 5.7.1, 5.7.2, 5.6.3
Affects Version/s: 5.7.0
Component/s: None
Labels:
- advisory
- security

Bug Fix Policy:
View Atlassian Server bug fix policy

We have discovered and fixed a vulnerability in our fork of one of Apache Struts libraries. Attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. The attacker needs to be able to access the Bamboo web interface.

All versions of Bamboo up to and including 5.7 are affected by this vulnerability.

The vulnerability has been fixed in recent releases 5.7.1 and 5.7.2.

For additional details see the full advisory.

has requirement: MKT-13295 Failed to load

mentioned in: Bamboo Security Advisory 2015-01-21; Page No Confluence page found with the given URL.; Page No Confluence page found with the given URL.; Page No Confluence page found with the given URL.; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(13 mentioned in)

Form Name

Monique Khairuliana (Inactive) made changes - 19/Aug/2019 2:01 AM

Workflow	Original: Bamboo Workflow 2016 v1 - Restricted [ 1433097 ]	New: JAC Bug Workflow v3 [ 3382355 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

Rachel Robins made changes - 01/Dec/2016 1:02 AM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 235544 ]

New: This issue links to "Page (Atlassian Documentation)" [ 235544 ]

Rachel Robins made changes - 01/Dec/2016 12:54 AM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 235544 ]

Rachel Robins made changes - 30/Nov/2016 10:04 PM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 235210 ]

New: This issue links to "Page (Atlassian Documentation)" [ 235210 ]

Rachel Robins made changes - 30/Nov/2016 9:51 PM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 235210 ]

Michalina made changes - 19/Oct/2016 11:07 PM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 216780 ]

New: This issue links to "Page (Atlassian Documentation)" [ 216780 ]

Michalina made changes - 19/Oct/2016 10:57 PM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 216780 ]

Michalina made changes - 19/Oct/2016 10:49 PM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 216849 ]

New: This issue links to "Page (Atlassian Documentation)" [ 216849 ]

Michalina made changes - 19/Oct/2016 10:39 PM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 216849 ]

Michalina made changes - 23/Aug/2016 5:54 AM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 196553 ]

New: This issue links to "Page (Atlassian Documentation)" [ 196553 ]

Assignee:: Unassigned

Reporter:: David Black

Affected customers:: 0 This affects my team

Watchers:: 5 Start watching this issue

Created:: 09/Jan/2015 12:26 AM

Updated:: 19/Aug/2019 2:01 AM

Resolved:: 21/Jan/2015 4:39 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates