[BAM-17102] CVE-2015-8361: Services exposed without authentication Vulnerability

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 5.10.0, 5.9.9
Affects Version/s: 2.4, 5.9.7
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

Bamboo exposed services without first performing authentication checks. Attackers can use this vulnerability to extract confidential information from Bamboo, modify certain settings and manage build agents. To exploit this issue, attackers need to be able to access the Bamboo JMS port.

Affected versions:

All versions of Bamboo from 2.4 before 5.9.9 (the fixed version for 5.9.x) are affected by this vulnerability.

Fix:

Bamboo 5.10.0 is available for download from https://www.atlassian.com/software/bamboo/download.
Bamboo 5.9.9 is available for download from https://www.atlassian.com/software/bamboo/download-archives.

For additional details see the full advisory.

is related to

BAM-17099 CVE-2014-9757: Deserialisation Through Smack Resulting in Remote Code Execution Vulnerability

Closed

mentioned in: Bamboo Security Advisory 2016-01-20; Bamboo Security Advisory 2016-01-20; Page No Confluence page found with the given URL.; Bamboo Security Advisory 2016-01-20; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(4 mentioned in)

David Black made changes - 13/Nov/2019 11:55 PM

Labels

Original: CVE-2015-8361 advisory cvss-critical da-security security

New: CVE-2015-8361 advisory cvss-critical da-security improper-authorization security

Monique Khairuliana (Inactive) made changes - 19/Aug/2019 2:03 AM

Workflow	Original: Bamboo Workflow 2016 v1 - Restricted [ 1443791 ]	New: JAC Bug Workflow v3 [ 3383937 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

Rachel Robins made changes - 01/Dec/2016 1:02 AM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 235546 ]

New: This issue links to "Page (Atlassian Documentation)" [ 235546 ]

Rachel Robins made changes - 01/Dec/2016 12:54 AM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 235546 ]

Rachel Robins made changes - 30/Nov/2016 10:04 PM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 235303 ]

New: This issue links to "Page (Atlassian Documentation)" [ 235303 ]

Rachel Robins made changes - 30/Nov/2016 9:51 PM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 235303 ]

Michalina made changes - 19/Oct/2016 11:06 PM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 216865 ]

New: This issue links to "Page (Atlassian Documentation)" [ 216865 ]

Michalina made changes - 19/Oct/2016 10:57 PM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 216865 ]

Michalina made changes - 19/Oct/2016 10:48 PM

Remote Link

Original: This issue links to "Page (Atlassian Documentation)" [ 216844 ]

New: This issue links to "Page (Atlassian Documentation)" [ 216844 ]

Michalina made changes - 19/Oct/2016 10:39 PM

Remote Link

New: This issue links to "Page (Atlassian Documentation)" [ 216844 ]

Assignee:: Przemek Bruski

Reporter:: Przemek Bruski

Affected customers:: 0 This affects my team

Watchers:: 2 Start watching this issue

Created:: 12/Jan/2016 3:59 AM

Updated:: 13/Nov/2019 11:55 PM

Resolved:: 12/Jan/2016 4:11 AM

Bamboo Data Center

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates