File Inclusion Vulnerability in Bamboo Data Center and Server by Atlassian
CVE-2024-21687
Summary
A file inclusion vulnerability was identified in versions 9.0.0 to 9.6.0 of Bamboo Data Center and Server. An authenticated attacker can exploit this vulnerability to manipulate the application into accessing and displaying the contents of local files on the server. The potential consequences include significant risks to confidentiality and integrity of sensitive data, while availability remains unaffected. No user interaction is needed for an attack to succeed. Atlassian advises users to promptly update to the latest version or to one of the mentioned supported fixed versions. Detailed upgrade instructions can be found in the Bamboo release notes and the official download center.
Affected Version(s)
Bamboo Data Center 9.6.0 to 9.6.3
Bamboo Data Center 9.5.0 to 9.5.4
Bamboo Data Center 9.4.0 to 9.4.4
News Articles
Atlassian Fixes Server and Data Center Flaws - Spiceworks
Atlassian has released security updates to patch critical vulnerabilities in its server and data center products. Find out more.
6 months ago
References
CVSS V3.1
Timeline
- First article discovered by Spiceworks
- Vulnerability published