Suggestion
Resolution: Fixed
Please advise whether the following vulnerability affects Bamboo.
Apache has released an update to address a vulnerability affecting Tomcat. Successful exploitation of the vulnerability may allow an attacker to perform Denial-of-Service (DoS) and/or obtain sensitive information on a vulnerable system.
Vulnerability Information
CVE | CVSS Base Score | GITSIR’s Rating* | Product Name | Version |
CVE-2020-17527 | Not Available | Not Available | Apache Tomcat | Apache Tomcat 10.0.0-M1 to 10.0.0-M9; Apache Tomcat 9.0.0.M5 to 9.0.39; Apache Tomcat 8.5.1 to 8.5.59 |
GITSIR’s Rating* | CVSS Base Score |
High | x >= 8.0 |
Medium | 4.0 <= x < 8.0 |
Low | x < 4.0 |
[BAM-21185] CVE-2020-17527 - Does this vulnerability affecting Bamboo?
Resolution | New: Fixed [ 1 ] | |
Status | Original: Waiting for Release [ 12075 ] | New: Closed [ 6 ] |
Status | Original: In Progress [ 3 ] | New: Waiting for Release [ 12075 ] |
Status | Original: Gathering Interest [ 11772 ] | New: In Progress [ 3 ] |
Fix Version/s | New: 7.2.4 [ 94832 ] |
1e1174f2f39a Bamboo doesn't use HTTP/2 by default, but a user can configure Tomcat to use it. So Bamboo is not vulnerable by default, but might be affected if HTTP/2 is configured by an admin.
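
A defender's check for the condition described in the comment above, as an added example that is not part of the ticket or Atlassian's code: it tests whether a Tomcat version falls in the affected ranges listed in the table and whether `server.xml` has an active HTTP/2 `UpgradeProtocol` on any connector. The sample `server.xml`, its ports and the function names are constructed for illustration; the Tomcat version bundled with a given Bamboo release is not stated on this page and must be supplied by the reader.

```python
import re
import xml.etree.ElementTree as ET

HTTP2_CLASS = "org.apache.coyote.http2.Http2Protocol"
FINAL = 10**6  # sorts a final release after any milestone of the same x.y.z
# Affected ranges copied from the advisory table above.
AFFECTED = [("10.0.0-M1", "10.0.0-M9"), ("9.0.0.M5", "9.0.39"), ("8.5.1", "8.5.59")]

# Constructed sample: HTTP/2 commented out on one connector, enabled on the other.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8085" protocol="HTTP/1.1">
    <!-- <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> -->
  </Connector>
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
  </Connector>
</Service></Server>"""


def version_key(version):
    """Turn '9.0.39', '9.0.0.M5' or '10.0.0-M1' into a sortable tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    return (int(major), int(minor), int(patch), int(milestone) if milestone else FINAL)


def version_affected(version):
    """True if the version lies inside one of the advisory's ranges (inclusive)."""
    key = version_key(version)
    return any(version_key(lo) <= key <= version_key(hi) for lo, hi in AFFECTED)


def http2_connectors(server_xml):
    """Ports of Connectors with an active HTTP/2 UpgradeProtocol child.

    Parsing the XML instead of grepping means commented-out elements are ignored.
    """
    root = ET.fromstring(server_xml)
    return [c.get("port", "?") for c in root.iter("Connector")
            if any(u.get("className") == HTTP2_CLASS for u in c.findall("UpgradeProtocol"))]


def exposed(version, server_xml):
    """Affected Tomcat version AND HTTP/2 enabled on at least one connector."""
    return version_affected(version) and bool(http2_connectors(server_xml))


if __name__ == "__main__":
    print(http2_connectors(SAMPLE), exposed("9.0.39", SAMPLE))
```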