High Severity RCE Vulnerability Affects Atlassian Bamboo Data Center and Server Versions
CVE-2024-21689

7.6 HIGH

Key Information:

Vendor: Atlassian
CVE Published: 20 August 2024

Badges

Exploit Exists

Summary

A remote code execution vulnerability exists in Bamboo Data Center and Server versions 9.1.0 through 9.6.0, allowing an authenticated attacker to execute arbitrary code. The vulnerability directly impacts confidentiality, integrity, and availability. Exploitation requires user interaction, and the issue underscores the importance of keeping software up to date. Users are strongly advised to upgrade to a supported fixed version: Bamboo Data Center and Server 9.2.17 or later, or Bamboo Data Center and Server 9.6.5 or later. Details and downloads are available on Atlassian's official site and through their release notes.

Affected Version(s)

Bamboo Data Center 9.6.0 to 9.6.4

Bamboo Data Center 9.5.0 to 9.5.4

Bamboo Data Center 9.4.0 to 9.4.4

References

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Public PoC available

  • Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Bug Bounty