Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 5.10.0, 5.9.9
Affects Version/s: 2.4, 5.9.7
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

Bamboo exposed services without first performing authentication checks. Attackers can use this vulnerability to extract confidential information from Bamboo, modify certain settings and manage build agents. To exploit this issue, attackers need to be able to access the Bamboo JMS port.

Affected versions:

All versions of Bamboo from 2.4 before 5.9.9 (the fixed version for 5.9.x) are affected by this vulnerability.

Fix:

Bamboo 5.10.0 is available for download from https://www.atlassian.com/software/bamboo/download.
Bamboo 5.9.9 is available for download from https://www.atlassian.com/software/bamboo/download-archives.

For additional details see the full advisory.

is related to

BAM-17099 CVE-2014-9757: Deserialisation Through Smack Resulting in Remote Code Execution Vulnerability

Closed

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(4 mentioned in)

Assignee:: Przemek Bruski

Reporter:: Przemek Bruski

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 12/Jan/2016 3:59 AM

Updated:: 13/Nov/2019 11:55 PM

Resolved:: 12/Jan/2016 4:11 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates