Synopsis
The remote Bamboo server is affected by multiple attack vectors.
Description
Versions of Bamboo 5.9.x prior to 5.9.9 are affected by multiple vulnerabilities:
- A flaw is triggered when deserializing user input. This may allow a remote attacker to execute arbitrary code.
- A flaw exists due to the program failing to perform authentication checks before exposing certain services. This may allow a remote attacker to gain access to credential information, modify certain settings, and manage build agents.
- A flaw exists in the 'Smack XMPP' library that is triggered during the handling of the deserialization of messages. This may allow a remote attacker to execute arbitrary code.
Solution
Upgrade to Bamboo 5.9.x version 5.9.9 or later.
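A version check for the affected range stated above (5.9.x prior to 5.9.9, fixed in 5.9.9), added here as an example rather than taken from this advisory or from any scanner plugin; the version strings it is run on are constructed, and the suffix format it tolerates is an assumption.

```python
# Added example (not from the advisory): decide whether a reported Bamboo
# version falls inside the affected range given above, 5.9.x prior to 5.9.9.
# Components are compared as integers, so 5.9.10 is correctly treated as
# newer than 5.9.9 (a plain string comparison would get this backwards).
import re

FIXED = (5, 9, 9)  # first fixed release named in the Solution section


def parse_version(text):
    """Return (major, minor, patch) as ints from a string such as '5.9.7'.

    A missing patch component counts as 0.  Anything after the numeric
    part (e.g. a constructed '5.9.7-build-1234' suffix, an assumption about
    banner format) is ignored.  Raises ValueError when no dotted numeric
    version is present at all.
    """
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return int(major), int(minor), int(patch)


def is_affected(text):
    """True when the version is on the 5.9.x branch and older than 5.9.9.

    Other branches are outside what this advisory covers, so they report
    False rather than being guessed at.
    """
    major, minor, patch = parse_version(text)
    if (major, minor) != FIXED[:2]:
        return False
    return patch < FIXED[2]


if __name__ == "__main__":
    # Constructed sample inputs, as a scanner might read them from a banner.
    for v in ["5.9.0", "5.9.8", "5.9.9", "5.9.10", "5.8.7", "5.10.0"]:
        print(v, "affected" if is_affected(v) else "not affected")
```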