-
Bug
-
Resolution: Fixed
-
Medium
-
n/a
-
7
-
Severity 2 - Major
-
4
-
Issue Summary
Apache Tomcat should be upgraded to 9.0.75+ or a later version to fix CVE-2023-34981
Bamboo is not vulnerable to this issue as it does not bundle Apache Tomcat 9.0.74 on any of its releases.
This is an informational ticket to inform customers about the underlying CVE.
Environment
- Bamboo 9
Steps to Reproduce
- Check the Apache Tomcat version on pom.xml or <bamboo-install>/bin/version.sh/bat
Expected Results
- Bamboo 9.x: apache-tomcat 9.0.75 or later
Actual Results
- Bamboo 9.x: apache-tomcat 9.0.74
[BAM-22330] Upgrade Tomcat to fix CVE-2023-34981
| Remote Link | New: This issue links to "Page (Confluence)" [ 1005635 ] |
| Remote Link | New: This issue links to "Page (Confluence)" [ 880521 ] |
| Remote Link | New: This issue links to "Page (Confluence)" [ 872601 ] |
| Remote Link | Original: This issue links to "Page (Confluence)" [ 805933 ] |
| Remote Link | New: This issue links to "Page (Confluence)" [ 805933 ] |
| Labels | Original: CVE-2023-34981 security security-imported | New: CVE-2023-34981 resolved-in-vf security security-imported |
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: Waiting for Release [ 12075 ] | New: Closed [ 6 ] |
| Support reference count | Original: 6 | New: 7 |
| UIS | New: 4 |
| Support reference count | Original: 5 | New: 6 |