-
Type:
Public Security Vulnerability
-
Resolution: Fixed
-
Priority:
High
-
Affects Version/s: 10.0.0, 10.1.0, 10.2.0, 11.0.0, 10.2.1, 10.2.2, 10.2.3, 12.0.0, 10.2.4, 10.2.5, 10.2.6, 10.2.7, 12.1.0, 10.2.8, 10.2.9, 10.2.10, 10.2.11, 10.2.12, 12.1.1, 10.2.13, 10.2.14, 10.2.15, 12.1.2, 12.1.3, 10.2.16, 10.2.18, 12.1.6, 10.2.17
-
Component/s: None
-
8.9
-
High
-
CVE-2026-5598
-
Atlassian (Internal)
-
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/S:P/AU:Y/U:Red
-
Bamboo Data Center
This High severity Information Disclosure vulnerability was introduced in versions 10.0.0, 10.1.1, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center.
This Information Disclosure vulnerability, with a CVSS Score of 8.9 and a CVSS Vector of
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/S:P/AU:Y/U:Red
Atlassian recommends that Bamboo Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:
- Bamboo Data Center 10.2: Upgrade to a release greater than or equal to 10.2.19
- Bamboo Data Center 12.1: Upgrade to a release greater than or equal to 12.1.7
See the release notes (https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html). You can download the latest version of Bamboo Data Center from the download center (https://www.atlassian.com/software/bamboo/download-archives).