Przemek Bruski

**Name of the Vulnerable Software and Affected Versions** Atlassian Bamboo versions prior to 5.9.9 Atlassian Bamboo versions 5.10.x prior to 5.10.0 **Description** The issue allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message. This is related to the use of the Ignite Realtime Smack XMPP API in Atlassian Bamboo. **Recommendations** For versions prior to 5.9.9, update to version 5.9.9 or later. For versions 5.10.x prior to 5.10.0, update to version 5.10.0 or later.

**Name of the Vulnerable Software and Affected Versions** Atlassian Bamboo versions prior to 5.9.9 Atlassian Bamboo versions 5.10.x prior to 5.10.0 **Description** The issue allows remote attackers to execute arbitrary Java code via serialized data to the JMS port. **Recommendations** For versions prior to 5.9.9, update to version 5.9.9 or later. For versions 5.10.x prior to 5.10.0, update to version 5.10.0 or later.

**Name of the Vulnerable Software and Affected Versions** Atlassian Bamboo versions prior to 5.9.9 Atlassian Bamboo versions 5.10.x prior to 5.10.0 **Description** The issue allows remote attackers to obtain sensitive information, modify settings, or manage build agents without requiring authentication. This is due to unspecified services in Atlassian Bamboo that do not require authentication, involving unknown vectors related to the JMS port. **Recommendations** For Atlassian Bamboo versions prior to 5.9.9, update to version 5.9.9 or later. For Atlassian Bamboo versions 5.10.x prior to 5.10.0, update to version 5.10.0 or later.