Atlassian Bamboo < 6.0.0 OAuth plugin allows arbitrary HTTP requests to be proxied
Medium Nessus Plugin ID 110769
Synopsis: The remote web server hosts a web application that is affected by an internal network resource disclosure (CSRF) vulnerability.
Description: According to its self-reported version number, the instance of Atlassian Bamboo running on the remote host is prior to 6.0.0.
It is, therefore, affected by an internal network resource disclosure (CSRF) vulnerability in the OAuth plugin IconUriServlet.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution: Upgrade to Atlassian Bamboo version 6.0.0 or later.