Java Code Execution Vulnerability in Atlassian Bamboo
CVE-2015-8360

9.8CRITICAL

Key Information:

Vendor
Atlassian
Status
Bamboo
Vendor
CVE Published:
8 February 2016

Summary

A vulnerability exists in Atlassian Bamboo prior to version 5.9.9 and in version 5.10.x before 5.10.0 that enables remote attackers to execute arbitrary Java code. This security flaw occurs through the deserialization of untrusted data sent to the JMS port, potentially allowing unauthorized access to sensitive operations. It is essential for users of affected versions to apply the necessary updates to mitigate this risk.

References

http://www.securityfocus.com/archive/1/537347/100/0/threaded
mailing-listx_refsource_BUGTRAQ
https://jira.atlassian.com/browse/BAM-17101
x_refsource_CONFIRM
https://confluence.atlassian.com/bamboo/bamboo-security-a...
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.