PT-2016-6314 · Atlassian+1 · Bamboo+1

Moritz Bechler

Publicado

2016-08-02

Atualizado

2018-10-09

CVE-2016-5229

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Atlassian Bamboo versions prior to 5.11.4.1 Atlassian Bamboo versions 5.12.x prior to 5.12.3.1

Description The issue is related to the improper restriction of permitted deserialized classes, which can be exploited by remote attackers to execute arbitrary code. This is related to XStream Serialization.

Recommendations For versions prior to 5.11.4.1, update to version 5.11.4.1 or later. For versions 5.12.x prior to 5.12.3.1, update to version 5.12.3.1 or later.

Correção

RCE

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

CVE-2016-5229

Produtos afetados

Bamboo

Xstream

PT-2016-6314 · Atlassian+1 · Bamboo+1

CVE-2016-5229

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8