
Atlassian Bamboo Server 5.9.x < 5.9.9 Multiple Vulnerabilities

High

Synopsis

The remote Bamboo server is affected by multiple attack vectors.

Description

Versions of Bamboo 5.9.x prior to 5.9.9 are affected by multiple vulnerabilities:

- A flaw is triggered when deserializing user input. This may allow a remote attacker to execute arbitrary code. (OSVDB 133433)
- A flaw exists due to the program failing to perform authentication checks before exposing certain services. This may allow a remote attacker to gain access to credential information, modify certain settings, and manage build agents. (OSVDB 133434)
- A flaw exists in the 'Smack XMPP' library that is triggered during the handling of the deserialization of messages. This may allow a remote attacker to execute arbitrary code. (OSVDB 133435)

Solution

Upgrade to Bamboo 5.9.x version 5.9.9 or later.