PT-2016-3896 · Atlassian · Bamboo

Przemek Bruski

Published

2016-02-08

Updated

2018-10-09

CVE-2015-8361

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Atlassian Bamboo versions prior to 5.9.9 Atlassian Bamboo versions 5.10.x prior to 5.10.0

Description The issue allows remote attackers to obtain sensitive information, modify settings, or manage build agents without requiring authentication. This is due to unspecified services in Atlassian Bamboo that do not require authentication, involving unknown vectors related to the JMS port.

Recommendations For Atlassian Bamboo versions prior to 5.9.9, update to version 5.9.9 or later. For Atlassian Bamboo versions 5.10.x prior to 5.10.0, update to version 5.10.0 or later.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2015-8361

Affected Products

Bamboo

PT-2016-3896 · Atlassian · Bamboo

CVE-2015-8361

Weakness Enumeration

Related Identifiers

Affected Products

References · 6