Remote Code Execution Vulnerability in Bamboo Data Center by Atlassian
CVE-2023-22506

8.8HIGH

Key Information:

Vendor: Atlassian
Status: Bamboo Data Center; Bamboo Server
Vendor: CVE Published:; 19 July 2023

What is CVE-2023-22506?

An injection and remote code execution vulnerability has been identified in Bamboo Data Center, allowing authenticated attackers to modify system calls and execute arbitrary code. This security flaw impacts the confidentiality, integrity, and availability of systems without requiring user interaction. Atlassian strongly advises updating to the latest version or at least to patched versions 9.2.3 or 9.3.1 to safeguard against potential exploits.

Affected Version(s)

Bamboo Data Center >= 8.0.0 < 8.0.0

Bamboo Server >= 8.0.0 < 8.0.0

Bamboo Data Center < 8.0.0 < 8.0.0

References

https://jira.atlassian.com/browse/BAM-22400

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 19, 2023
Vulnerability Reserved
Jan 1, 2023

Credit

a private user