XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 6.7.0
Affects Version/s: None
Component/s: Security
Labels:
- no-cvss-required
- security

Support reference count:
4
Symptom Severity:
Severity 2 - Major
UIS:
1
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

A new RCE was reported in Struts2

https://semmle.com/news/apache-struts-CVE-2018-11776

Based on our investigation , Bamboo seems to be using a forked version of struts2.5.2 which is vulnerable to CVE-2018-11776. Users of Struts 2.3 are strongly advised to upgrade to 2.3.35; users of Struts 2.5 need to upgrade to 2.5.17.

Summary

Bamboo is not affected by CVE-2018-11776, but version 6.7.0 will have updated Struts version.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

Screen Shot 2018-08-23 at 01.50.53.png
435 kB
22/Aug/2018 11:54 PM

Issue Links

mentioned in: Page Loading...

PIR - Priority Action: PIR-2190 Loading...

relates to: BDEV-14784 Loading...; SECINT-5143 Loading...

Activity

People

Assignee:: Unassigned

Reporter:: hari

Votes:: 1 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 22/Aug/2018 8:54 PM

Updated:: 18/Aug/2020 3:40 AM

Resolved:: 30/Aug/2018 1:27 PM