Upgrade Tomcat to fix CVE-2024-23672 and CVE-2024-24549

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: Medium
    • 9.6.1, 9.2.13, 9.5.3
    • Affects Version/s: 9.2.9
    • Component/s: Security
    • None
    • 3
    • Severity 2 - Major

      Issue Summary

      Apache Tomcat should be upgraded to  9.0.86 or a later version to fix

      CVE-2024-23672
      CVE-2024-24549

      Steps to Reproduce

      • Check the Apache Tomcat version on pom.xml or <bamboo-install>/bin/version.sh/bat

      Expected Results

      • Bamboo 9.x: apache-tomcat.9.0.86 and later

      Actual Results

      • Bamboo 9.x: apache-tomcat.9.0.83

      Workaround

      N/A

            Assignee:
            Alexey Chystoprudov
            Reporter:
            Chris Berry (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: