Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 5.10.0, 5.9.9
Affects Version/s: 2.4, 5.9.7
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Bamboo exposed services without first performing authentication checks. Attackers can use this vulnerability to extract confidential information from Bamboo, modify certain settings and manage build agents. To exploit this issue, attackers need to be able to access the Bamboo JMS port.

Affected versions:

All versions of Bamboo from 2.4 before 5.9.9 (the fixed version for 5.9.x) are affected by this vulnerability.

Fix:

Bamboo 5.10.0 is available for download from https://www.atlassian.com/software/bamboo/download.
Bamboo 5.9.9 is available for download from https://www.atlassian.com/software/bamboo/download-archives.

For additional details see the full advisory.

Attachments

Issue Links

is related to

BAM-17099 CVE-2014-9757: Deserialisation Through Smack Resulting in Remote Code Execution Vulnerability

Closed

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(4 mentioned in)

Activity

People

Assignee:: Przemek Bruski

Reporter:: Przemek Bruski

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 12/Jan/2016 3:59 AM

Updated:: 13/Nov/2019 11:55 PM

Resolved:: 12/Jan/2016 4:11 AM