Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-21834

Bamboo Struts security vulnerability CVE-2021-31805

    XMLWordPrintable

Details

    • Public Security Vulnerability
    • Resolution: Fixed
    • Low
    • 8.0.7, 8.2.2, 8.1.6, 7.2.10
    • 7.2.0, 8.0.0, 7.2.1, 7.2.2, 7.2.6, 7.2.3, 7.2.4, 7.2.5, 8.0.1, 8.0.2, 8.0.3, 8.1.1, 8.0.4, 8.0.5, 7.2.7, 8.1.2, 8.2.0, 7.2.9, 8.1.3, 8.1.4, 8.2.1, 8.1.5, 7.2.10
    • Security
    • Severity 3 - Minor
    • 8.1
    • CVE-2021-31805

    Description

      Vulnerability Description

      Bamboo Server and Data Center use a version of Apache Struts that is vulnerable to double OGNL evaluation (CVE-2021-31805). This is due to an incomplete fix for CVE-2020-17530.

      Affected Versions

      • Versions < 7.2.10
      • 8.0.x < 8.0.7
      • 8.1.x < 8.1.6
      • 8.2.x < 8.2.2

      First fixed Versions

      • 7.2.10
      • 8.0.7
      • 8.1.6
      • 8.2.2

      Attachments

        Issue Links

          mentioned in

          Page Loading...

          Page Loading...

          Activity

            People

              f84a05b06223 Anik Sengupta
              f84a05b06223 Anik Sengupta
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: