Bamboo Struts security vulnerability CVE-2021-31805

XMLWordPrintable

    • Type: Public Security Vulnerability
    • Resolution: Fixed
    • Priority: Low
    • 8.0.7, 8.2.2, 8.1.6, 7.2.10
    • Affects Version/s: 7.2.0, 8.0.0, 7.2.1, 7.2.2, 7.2.6, 7.2.3, 7.2.4, 7.2.5, 8.0.1, 8.0.2, 8.0.3, 8.1.1, 8.0.4, 8.0.5, 7.2.7, 8.1.2, 8.2.0, 7.2.9, 8.1.3, 8.1.4, 8.2.1, 8.1.5, 7.2.10
    • Component/s: Security
    • Severity 3 - Minor
    • 8.1
    • CVE-2021-31805

      Vulnerability Description

      Bamboo Server and Data Center use a version of Apache Struts that is vulnerable to double OGNL evaluation (CVE-2021-31805). This is due to an incomplete fix for CVE-2020-17530.

      Affected Versions

      • Versions < 7.2.10
      • 8.0.x < 8.0.7
      • 8.1.x < 8.1.6
      • 8.2.x < 8.2.2

      First fixed Versions

      • 7.2.10
      • 8.0.7
      • 8.1.6
      • 8.2.2

            Assignee:
            Anik Sengupta
            Reporter:
            Anik Sengupta
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: