Security Metrics Bot

**Name of the Vulnerable Software and Affected Versions** Bamboo Data Center versions 9.6.0 through 9.6.23 Bamboo Data Center versions 10.0.0 through 10.1.0 Bamboo Data Center versions 10.2.0 through 10.2.15 Bamboo Data Center versions 11.0.0 through 11.1.0 Bamboo Data Center versions 12.0.0 through 12.1.2 **Description** A high-severity Remote Code Execution (RCE) issue exists in Bamboo Data Center. This allows an authenticated attacker to execute malicious code on the remote system. The issue was reported through the Atlassian internal program. **Recommendations** Bamboo Data Center versions 9.6.0 through 9.6.23: Upgrade to version 9.6.24 or later. Bamboo Data Center versions 10.0.0 through 10.1.0: Upgrade to version 10.2.16 or later. Bamboo Data Center versions 10.2.0 through 10.2.15: Upgrade to version 10.2.16 or later. Bamboo Data Center versions 11.0.0 through 11.1.0: Upgrade to version 12.1.3 or later. Bamboo Data Center versions 12.0.0 through 12.1.2: Upgrade to version 12.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Crowd Data Center and Server versions 7.1.0 through 7.1.2 **Description** An authenticated attacker can access local and remote content due to an XML External Entity Injection (XXE) issue. This can have a high impact on confidentiality and availability. The issue was reported through an internal program. **Recommendations** Upgrade to a release greater than or equal to Crowd Data Center and Server version 7.1.3.