CVE-2015-8361

Name of the Vulnerable Software and Affected Versions Atlassian Bamboo versions prior to 5.9.9 Atlassian Bamboo versions 5.10.x prior to 5.10.0

Description The issue allows remote attackers to obtain sensitive information, modify settings, or manage build agents without requiring authentication. This is due to unspecified services in Atlassian Bamboo that do not require authentication, involving unknown vectors related to the JMS port.

Recommendations For Atlassian Bamboo versions prior to 5.9.9, update to version 5.9.9 or later. For Atlassian Bamboo versions 5.10.x prior to 5.10.0, update to version 5.10.0 or later.