High Severity RCE Vulnerability Affects Atlassian Bamboo Data Center and Server Versions
CVE-2024-21689

8 HIGH

Key Information:

Vendor: Atlassian
CVE Published: 20 August 2024

Badges

👾 Exploit Exists
🟣 EPSS 40%

Summary

A remote code execution vulnerability exists in Bamboo Data Center and Server versions 9.1.0 through 9.6.0. It allows an authenticated attacker to execute arbitrary code, with direct impact on confidentiality, integrity, and availability. Exploitation requires user interaction. Users are strongly advised to keep their software up to date and upgrade to a supported fixed version: Bamboo Data Center and Server 9.2.17 or later, or Bamboo Data Center and Server 9.6.5 or later. Details and downloads are available on Atlassian's official site and through their release notes.

Affected Version(s)

Bamboo Data Center 9.6.0 to 9.6.4

Bamboo Data Center 9.5.0 to 9.5.4

Bamboo Data Center 9.4.0 to 9.4.4

EPSS Score

40% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

CVSS V3.0

Score: 7.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability Reserved

Credit

Bug Bounty