Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-22026

Upgrade Apache Tomcat to mitigate CVE-2022-42252 on Bamboo 8.x

XMLWordPrintable

      Issue Summary

      This is reproducible in Data Center:

      On Bamboo 8, Apache Tomcat should be upgraded to version 8.5.83 or later to mitigate CVE-2022-42252

      Environment

      Bamboo 8.0, 8.1, 8.2

      Steps to Reproduce

      1. Check Tomcat version on pom.xml or <bamboo-install>/bin/version.sh/bat

      Expected Results

      apache-tomcat 8.5.83+ is expected

      Actual Results

      apache-tomcat 8.5.82 or earlier is in use

      Workaround

      As stated in the CVE-2022-42252 announcement, either:

      WARNING: Unless still reproducible on official releases, Atlassian Support may refuse support requests for Bamboo running over unofficial Tomcat versions.

      Note

      Bamboo version 9 is NOT VULNERABLE to the issue as rejectIllegalHeader is set to true by default.

            [BAM-22026] Upgrade Apache Tomcat to mitigate CVE-2022-42252 on Bamboo 8.x

            Santhosh Thokur Raghava made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 1005612 ]
            Sylwester Jeruzal (Inactive) made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Waiting for Release [ 12075 ] New: Closed [ 6 ]
            SET Analytics Bot made changes -
            Support reference count Original: 3 New: 4
            Jyothi Charupalli made changes -
            Remote Link Original: This issue links to "Page (Confluence)" [ 718673 ]
            Jyothi Charupalli made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 718673 ]
            SET Analytics Bot made changes -
            Support reference count Original: 2 New: 3
            Marcin Gardias made changes -
            Status Original: In Progress [ 3 ] New: Waiting for Release [ 12075 ]
            Marcin Gardias made changes -
            Fix Version/s New: 8.2.7 [ 103096 ]
            Fix Version/s New: 8.1.11 [ 103095 ]
            Fix Version/s New: 8.0.12 [ 103094 ]
            SET Analytics Bot made changes -
            Support reference count Original: 1 New: 2
            Shashank Kumar made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 709047 ]

              mgardias Marcin Gardias
              73868399605e Eduardo Alvarenga
              Affected customers:
              0 This affects my team
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: