
REST API updateAndBuild.action can be abused if no IP address is specified

    • Type: Suggestion
    • Resolution: Obsolete
    • None
    • REST API
    • None
    • 0
    • 1

      Currently no authorization is required - updateAndBuild.action is designed to work with repository scripts to push builds from the repository server. It is not designed to be used by 'users' from a random IP address. Thus the IP address of the repository has to be specified to make this command API call safe. Otherwise it is not safe and can be abused. The IP address field should not be optional. It should be dedicated to the repository IP address to avoid a possible remote attack.
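
An added example, not part of the original issue and not Bamboo's code: a fail-closed source-address check for an unauthenticated build trigger, next to a constructed model of the optional-field behaviour the description warns about. All function names are hypothetical, and the addresses are constructed values from documentation ranges.

```python
import ipaddress


def parse_allowlist(configured: str):
    """Parse a comma-separated list of IPs/CIDRs; an empty setting is an error."""
    entries = [e.strip() for e in configured.split(",") if e.strip()]
    if not entries:
        # The issue's point: a blank field must not mean "anyone may trigger".
        raise ValueError("trigger allowlist is empty; refusing to run open")
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def normalise(remote_addr: str):
    """Return the peer address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(remote_addr)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def may_trigger(remote_addr: str, allowlist) -> bool:
    """True only if the peer address lies inside an allowed network.

    remote_addr must be the TCP peer address seen by the server, not a
    client-supplied header such as X-Forwarded-For.
    """
    try:
        addr = normalise(remote_addr)
    except ValueError:
        return False  # unparsable peer address: deny
    return any(addr.version == net.version and addr in net for net in allowlist)


def optional_field_check(remote_addr: str, configured: str) -> bool:
    """Constructed model of the optional field: blank setting admits everyone."""
    if not configured.strip():
        return True
    return may_trigger(remote_addr, parse_allowlist(configured))


if __name__ == "__main__":
    allow = parse_allowlist("192.0.2.10, 198.51.100.0/28")  # constructed values
    for peer in ("192.0.2.10", "::ffff:192.0.2.10", "203.0.113.5"):
        print(peer, may_trigger(peer, allow), optional_field_check(peer, ""))
```
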

            [BAM-3239] REST API updateAndBuild.action can be abused if no IP address is specified

            Katherine Yabut made changes -
            Workflow Original: JAC Suggestion Workflow [ 3014254 ] New: JAC Suggestion Workflow 3 [ 3605683 ]
            Status Original: RESOLVED [ 5 ] New: Closed [ 6 ]
            Krystian Brazulewicz made changes -
            Resolution New: Obsolete [ 11 ]
            Status Original: Gathering Interest [ 11772 ] New: Resolved [ 5 ]
            Owen made changes -
            Workflow Original: Confluence Workflow - Public Facing v4 [ 2700246 ] New: JAC Suggestion Workflow [ 3014254 ]
            Krystian Brazulewicz made changes -
            UIS New: 0
            SET Analytics Bot made changes -
            Support reference count New: 1
            Owen made changes -
            Backlog Order (Obsolete) Original: 8260000000
            Issue Type Original: Improvement [ 4 ] New: Suggestion [ 10000 ]
            Owen made changes -
            Status Original: Not Being Considered [ 11776 ] New: Gathering Interest [ 11772 ]
            Owen made changes -
            Status Original: Gathering Interest [ 11772 ] New: Not Being Considered [ 11776 ]
            Owen made changes -
            Workflow Original: Bamboo Workflow 2016 v1 [ 1414125 ] New: Confluence Workflow - Public Facing v4 [ 2700246 ]
            Status Original: Open [ 1 ] New: Gathering Interest [ 11772 ]
            Marek Went (Inactive) made changes -
            Workflow Original: Bamboo Workflow 2014 v2 [ 615911 ] New: Bamboo Workflow 2016 v1 [ 1414125 ]

              Unassigned
              ukuhnhardt Ulrich Kuhnhardt [Atlassian]
              Votes: 1
              Watchers: 0
