PT-2022-7267 · Atlassian · Bamboo+1

Sandipan Roy · Published 2022-12-01 · Updated 2024-10-10 · CVE-2022-4244

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: codeplex-codehaus (affected versions not specified); Bamboo Data Center and Server versions 9.2.1 through 9.2.7

Description: A flaw was found in codeplex-codehaus that allows a directory traversal attack to reach files and directories stored outside the intended folder. By supplying file names that contain ../ sequences (or variations of them), or by using absolute file paths, it may be possible to access arbitrary files and directories on the file system, including application source code, configuration, and other critical system files.

Recommendations: For Bamboo Data Center and Server versions 9.2.1 through 9.2.7, upgrade to release 9.2.8 or later. As a temporary workaround, restrict access to sensitive files and directories to minimize the risk of exploitation, avoid using absolute file paths in the affected API endpoints until the issue is resolved, and restrict access to the vulnerable module.
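The description above names the two input forms a file-serving component must refuse: parent-directory sequences (including encoded variants) and absolute paths. The helper below is an added illustration written for this advisory, not code from codeplex-codehaus, plexus or Bamboo; the base directory and the sample request paths are constructed, and `resolve_safely` and `audit` are hypothetical names. It decodes repeated percent-encoding, rejects explicit `..` segments and absolute paths, and then applies a final containment check on the normalised path so that a request cannot escape the permitted directory.

```python
import os
from typing import Optional
from urllib.parse import unquote

# Constructed example root: the only directory the endpoint may serve from.
BASE_DIR = os.path.realpath("/srv/app/uploads")


def _decode_fully(path: str, rounds: int = 3) -> str:
    """Undo repeated percent-encoding ("%252e" -> "%2e" -> ".") so that
    encoded variants of ../ are inspected in their decoded form."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def resolve_safely(base_dir: str, user_path: str) -> Optional[str]:
    """Map a client-supplied relative path to an absolute path inside base_dir.

    Returns the resolved path, or None when the request must be refused.
    Hypothetical defensive helper written for this advisory; it is not
    code from codeplex-codehaus, plexus or Bamboo.
    """
    decoded = _decode_fully(user_path)
    decoded = decoded.replace("\\", "/")          # treat ..\ the same as ../
    if not decoded or "\x00" in decoded:          # empty or NUL-truncated input
        return None
    if decoded.startswith("/"):                   # absolute paths are refused
        return None
    if any(seg == ".." for seg in decoded.split("/")):
        return None                               # explicit parent-dir segments
    candidate = os.path.realpath(os.path.join(base_dir, decoded))
    # Final containment check: the normalised target must lie under base_dir,
    # which also catches sibling directories such as base_dir + "2".
    if os.path.commonpath([base_dir, candidate]) != base_dir:
        return None
    return candidate


def audit(base_dir: str, requests):
    """Classify request paths; returns {path: True if accepted, False if refused}."""
    return {p: resolve_safely(base_dir, p) is not None for p in requests}


if __name__ == "__main__":
    # Constructed sample requests covering the input forms named in the advisory.
    samples = [
        "reports/build.log",
        "../../etc/passwd",
        "reports/../../../etc/passwd",
        "%2e%2e/%2e%2e/etc/passwd",
        "%252e%252e/etc/passwd",
        "..\\..\\conf/secret.txt",
        "/etc/passwd",
    ]
    for path, ok in audit(BASE_DIR, samples).items():
        print(f"{'ACCEPT' if ok else 'REJECT':6} {path!r}")
```

The explicit `..` rejection and the final `commonpath` check are deliberately redundant: the first gives a clear, loggable refusal reason for the obvious traversal forms, and the second catches anything the string checks miss after normalisation.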

Fix

Path traversal

Weakness Enumeration

Related Identifiers: BDU:2024-01536, CVE-2022-4244, GHSA-G6PH-X5WF-G337

Affected Products: Bamboo, Bamboo Server