[BAM-17102] CVE-2015-8361: Services exposed without authentication Vulnerability

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 5.10.0, 5.9.9
Affects Version/s: 2.4, 5.9.7
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

Bamboo exposed services without first performing authentication checks. Attackers can use this vulnerability to extract confidential information from Bamboo, modify certain settings and manage build agents. To exploit this issue, attackers need to be able to access the Bamboo JMS port.

Affected versions:

All versions of Bamboo from 2.4 before 5.9.9 (the fixed version for 5.9.x) are affected by this vulnerability.

Fix:

Bamboo 5.10.0 is available for download from https://www.atlassian.com/software/bamboo/download.
Bamboo 5.9.9 is available for download from https://www.atlassian.com/software/bamboo/download-archives.

For additional details see the full advisory.

is related to

BAM-17099 CVE-2014-9757: Deserialisation Through Smack Resulting in Remote Code Execution Vulnerability

Closed

mentioned in: Bamboo Security Advisory 2016-01-20; Bamboo Security Advisory 2016-01-20; Page No Confluence page found with the given URL.; Bamboo Security Advisory 2016-01-20; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(4 mentioned in)

There are no comments yet on this issue.

Assignee:: Przemek Bruski

Reporter:: Przemek Bruski

Affected customers:: 0 This affects my team

Watchers:: 2 Start watching this issue

Created:: 12/Jan/2016 3:59 AM

Updated:: 13/Nov/2019 11:55 PM

Resolved:: 12/Jan/2016 4:11 AM

Bamboo Data Center

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates