Synopsis
The remote Bamboo server is affected by a remote code execution (RCE) vulnerability.
Description
Versions of Bamboo 5.12.x prior to 5.12.3.1 contain a Java object deserialization flaw that is triggered when handling certain input from build agents. This may allow a remote attacker to potentially execute arbitrary code.
Solution
Upgrade to Bamboo 5.12.x version 5.12.3.1 or later.