Is bamboo vulnerable to CVE-2024-53677

XMLWordPrintable

    • Type: Suggestion
    • Resolution: Fixed
    • 11.0.0
    • Component/s: Security
    • None
    • 1

      See title.  My company's automatic vulnerability scanning has been flagging the following file in my download of Atlassian bamboo DC 10.2.1

      atlassian-bamboo\web-inf\lib\struts2-core-2.5.33-atlassian-1.jar

      https://www.herodevs.com/vulnerability-directory/cve-2024-53677

      The vulnerability is listed as critical, but I don't see any reference to it in any security bulletins put out by Atlassian.   Has bamboo been checked against this vulnerability?  Is there any possibility of updating the version to appease security scanners?

            Assignee:
            Unassigned
            Reporter:
            Warren Spencer
            Votes:
            3 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: