Bamboo Data Center / BAM-22473

Upgrade Tomcat to fix CVE-2023-41080


    • Type: Bug
    • Resolution: Fixed
    • Priority: Medium
    • Fix Version/s: 9.4.0, 9.2.5, 9.3.3
    • Affects Version/s: 9.1.3, 9.0.4, 9.2.4, 9.3.2
    • Component/s: Security
    • Labels: None

      Problem

      Apache Tomcat should be upgraded to 9.0.80 or a later version to fix CVE-2023-41080.

      Bamboo is not vulnerable to this issue as it does not use FORM authentication.

      This is an informational ticket to inform customers about the underlying CVE.

      Environment

      • Bamboo 9

      Steps to Reproduce

      • Check the Apache Tomcat version in pom.xml or by running <bamboo-install>/bin/version.sh (version.bat on Windows)

      Expected Results

      • Bamboo 9.x: apache-tomcat 9.0.80 or later

      Actual Results

      • Bamboo 9.x: apache-tomcat 9.0.79 or lower
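
The version check from the steps above, written as a script. This is an added example, not Atlassian's code: it assumes version.sh prints Tomcat's usual "Server number:" line, the sample output is constructed, and BAMBOO_INSTALL is a hypothetical variable standing in for <bamboo-install>.

```shell
#!/bin/sh
# Added example (not Atlassian code): is the bundled Tomcat at or above 9.0.80,
# the release this ticket names as carrying the CVE-2023-41080 fix?
FIXED="9.0.80"

# Pull "major.minor.patch" out of version.sh output on stdin.
# Assumption: the output has Tomcat's usual "Server number:  9.0.79.0" line.
tomcat_version() {
    sed -n 's/^Server number:[[:space:]]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Succeed when version $1 >= version $2. Fields are compared as numbers,
# because a string comparison would rank 9.0.9 above 9.0.80.
version_ge() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2          # split both versions into $1..$3 and $4..$6
    IFS=$old_ifs
    [ "$1" -ne "$4" ] && { [ "$1" -gt "$4" ]; return; }
    [ "$2" -ne "$5" ] && { [ "$2" -gt "$5" ]; return; }
    [ "$3" -ge "$6" ]
}

# Read version.sh output on stdin and print a verdict.
# Returns 0 = at or above the fix, 1 = below it, 2 = version not found.
check_tomcat() {
    v=$(tomcat_version)
    [ -n "$v" ] || { echo "UNKNOWN: no 'Server number' line in input"; return 2; }
    if version_ge "$v" "$FIXED"; then
        echo "OK: Tomcat $v is at or above $FIXED"
    else
        echo "BELOW: Tomcat $v predates $FIXED"
        return 1
    fi
}

# Constructed sample of version.sh output, not captured from a real install.
SAMPLE_OLD='Server version: Apache Tomcat/9.0.79
Server number:  9.0.79.0'
printf '%s\n' "$SAMPLE_OLD" | check_tomcat || true

# Real run: BAMBOO_INSTALL is a hypothetical variable for <bamboo-install>.
if [ -n "${BAMBOO_INSTALL:-}" ]; then
    "$BAMBOO_INSTALL/bin/version.sh" | check_tomcat
fi
```

The comparison is meant for the 9.0.x line that Bamboo 9 ships; it says nothing about which releases on other Tomcat branches carry the fix.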

      Workaround

      At your own risk, you can manually upgrade Tomcat as instructed on this KB:

      WARNING: Unless still reproducible on official releases, Atlassian Support may refuse support requests for Bamboo running over unofficial Tomcat versions.

      Notes

      Assignee: Alexey Chystoprudov
      Reporter: Nhat Vu (Inactive)