IMPORTANT: JAC is a Public system and anyone on the internet will be able to view the data in the created JAC tickets. Please don’t include Customer or Sensitive data in the JAC ticket.

      Issue Summary

      Bamboo relies on ActiveMQ library versions <= 5.16.6 or <= 5.18.2, which are affected by CVE-2023-46604.

      An official advisory has been released. Please check "CVE-2023-46604 - Apache ActiveMQ RCE Vulnerability impacts Bamboo Data Center and Server" and the FAQ for details.

      Steps to Reproduce

      On the Bamboo instance, validate the ActiveMQ library versions in <bamboo-install>/atlassian-bamboo/WEB-INF/lib:

      $ ls /opt/atlassian/bamboo/atlassian-bamboo/WEB-INF/lib | grep activemq-
      activemq-broker-5.18.2.jar
      activemq-client-5.18.2.jar
      activemq-http-5.18.2.jar
      activemq-jms-pool-5.18.2.jar
      activemq-kahadb-store-5.18.2.jar
      activemq-openwire-legacy-5.18.2.jar
      activemq-pool-5.18.2.jar
      activemq-protobuf-1.1.jar
      activemq-ra-5.18.2.jar
      activemq-spring-5.18.2.jar
      

      Expected Results

      The updated ActiveMQ library version is >= 5.16.7 or >= 5.18.3

      Actual Results

      The ActiveMQ library version is <= 5.16.6 or <= 5.18.2

      Workaround

      Make sure that Bamboo is behind a firewall/VPC and allows connections to its ActiveMQ broker port only from trusted Agents.
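
The version check from Steps to Reproduce can be scripted. The following is an added example, not part of the original ticket or of Bamboo: the function names are hypothetical, and the only thresholds it knows are the two this ticket states (5.16.7 on the 5.16.x line, 5.18.3 on the 5.18.x line). Jars on any other version line, such as activemq-protobuf-1.1.jar in the listing above, are reported as unlisted rather than guessed at.

```shell
#!/bin/sh
# Added example: classify ActiveMQ jars in a Bamboo lib directory against the
# fixed versions named in this ticket (5.16.7 and 5.18.3).

# classify_version VERSION -> prints affected | fixed | unlisted
classify_version() {
    case "$1" in
        5.16.*) fixed_patch=7 ;;
        5.18.*) fixed_patch=3 ;;
        *) echo unlisted; return 0 ;;   # version line not covered by this ticket
    esac
    patch=${1#*.*.}           # strip "major.minor."
    patch=${patch%%[!0-9]*}   # keep the leading digits only
    if [ "${patch:-0}" -lt "$fixed_patch" ]; then
        echo affected
    else
        echo fixed
    fi
}

# scan_activemq_jars DIR -> prints "<jar> <status>" per jar,
# returns 1 if at least one jar is affected, 0 otherwise.
scan_activemq_jars() {
    dir=$1
    rc=0
    for jar in "$dir"/activemq-*.jar; do
        [ -e "$jar" ] || continue       # glob matched nothing
        name=${jar##*/}
        ver=${name%.jar}
        ver=${ver##*-}                  # text after the last hyphen
        status=$(classify_version "$ver")
        echo "$name $status"
        if [ "$status" = affected ]; then rc=1; fi
    done
    return "$rc"
}

# Run against a directory when one is given, e.g.
#   sh check.sh /opt/atlassian/bamboo/atlassian-bamboo/WEB-INF/lib
if [ "$#" -gt 0 ]; then
    scan_activemq_jars "$1"
fi
```

The non-zero exit status on any affected jar lets the check run from a scheduled job or a post-upgrade verification step.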

                        achystoprudov Alexey Chystoprudov
                        a3e6629b6e9d Giovanna Fragoso