Details
- Bug
- Resolution: Fixed
- Low
- None
- 4
- Severity 2 - Major
- 1
Description
A new RCE was reported in Struts2:
https://semmle.com/news/apache-struts-CVE-2018-11776
Based on our investigation, Bamboo seems to be using a forked version of Struts 2.5.2 which is vulnerable to CVE-2018-11776. Users of Struts 2.3 are strongly advised to upgrade to 2.3.35; users of Struts 2.5 need to upgrade to 2.5.17.
Summary
Bamboo is not affected by CVE-2018-11776, but version 6.7.0 will have an updated Struts version.
Issue Links
- PIR - Priority Action
  - PIR-2190
- relates to
  - BDEV-14784
  - SECINT-5143