Issue Type: Public Security Vulnerability
Resolution: Fixed
Low
Affects Version/s: 7.2.0, 8.0.0, 7.2.1, 7.2.2, 7.2.6, 7.2.3, 7.2.4, 7.2.5, 8.0.1, 8.0.2, 8.0.3, 8.1.1, 8.0.4, 8.0.5, 7.2.7, 8.1.2, 8.2.0, 7.2.9, 8.1.3, 8.1.4, 8.2.1, 8.1.5, 7.2.10
Severity 3 - Minor
CVSS Score: 8.1
CVE ID: CVE-2021-31805
Vulnerability Description
Bamboo Server and Data Center use a version of Apache Struts that is vulnerable to double OGNL evaluation (CVE-2021-31805). This is due to an incomplete fix for CVE-2020-17530.
Affected Versions
- Versions < 7.2.10
- 8.0.x < 8.0.7
- 8.1.x < 8.1.6
- 8.2.x < 8.2.2
First fixed Versions
- 7.2.10
- 8.0.7
- 8.1.6
- 8.2.2
[BAM-21834] Bamboo Struts security vulnerability CVE-2021-31805
Remote Link | New: This issue links to "Page (Confluence)" [ 1005495 ] |
Affects Version/s | New: 8.0.0 [ 92814 ] | |
Affects Version/s | New: 7.2.6 [ 97897 ] | |
Affects Version/s | New: 7.2.4 [ 94832 ] | |
Affects Version/s | New: 8.0.1 [ 97707 ] | |
Affects Version/s | New: 8.0.2 [ 97610 ] | |
Affects Version/s | New: 8.0.3 [ 97895 ] | |
Affects Version/s | New: 8.1.1 [ 97096 ] | |
Affects Version/s | New: 8.0.4 [ 98008 ] | |
Affects Version/s | New: 8.0.5 [ 98593 ] | |
Affects Version/s | New: 7.2.7 [ 98692 ] | |
Affects Version/s | New: 8.2.0 [ 99297 ] | |
Affects Version/s | New: 7.2.9 [ 99894 ] | |
Affects Version/s | New: 8.1.3 [ 99896 ] | |
Affects Version/s | New: 8.1.4 [ 100291 ] | |
Affects Version/s | New: 8.2.1 [ 100298 ] | |
Affects Version/s | New: 8.1.5 [ 100592 ] | |
Affects Version/s | New: 7.2.10 [ 102206 ] |
Affects Version/s | New: 7.2.0 [ 92133 ] | |
Affects Version/s | New: 7.2.1 [ 93499 ] | |
Affects Version/s | New: 7.2.2 [ 93603 ] | |
Affects Version/s | New: 7.2.3 [ 94707 ] | |
Affects Version/s | New: 7.2.5 [ 95291 ] |
Security | Original: Reporter and Atlassian Staff [ 10751 ] | |
Status | Original: Draft [ 12872 ] | New: Published [ 12873 ] |
Fix Version/s | New: 7.2.10 [ 102206 ] |
Description |
Original:
h3. Issue Summary
Apache Struts 2.0.0 to 2.5.29 is vulnerable to CVE-2021-31805 (https://nvd.nist.gov/vuln/detail/CVE-2021-31805), which is a critical vulnerability with CVSS score 9.8
h3. Steps to Reproduce
ref: https://nvd.nist.gov/vuln/detail/CVE-2021-31805 |
New:
h3. Vulnerability Description
Bamboo Server and Data Center use a version of Apache Struts that is vulnerable to double OGNL evaluation ([CVE-2021-31805|https://www.cve.org/CVERecord?id=CVE-2021-31805]). This is due to an incomplete fix for [CVE-2020-17530|https://www.cve.org/CVERecord?id=CVE-2020-17530].
h3. Affected Versions
* Versions < 7.2.10
* 8.0.x < 8.0.7
* 8.1.x < 8.1.6
* 8.2.x < 8.2.2
h3. First fixed Versions
* 7.2.10
* 8.0.7
* 8.1.6
* 8.2.2 |
Labels | New: CVE-2021-31805 advisory dont-import |
CVE ID | New: CVE-2021-31805 |
CVSS Score | New: 8.1 | |
Workflow | Original: JAC Bug Workflow v3 [ 4288903 ] | New: JAC Public Security Vulnerability Workflow v2 [ 4290067 ] |
Issue Type | Original: Bug [ 1 ] | New: Public Security Vulnerability [ 10700 ] |
Status | Original: Closed [ 6 ] | New: Draft [ 12872 ] |
Remote Link | New: This issue links to "Page (Confluence)" [ 668596 ] |