PT-2023-18554 · Atlassian+1 · Bamboo Server+2
Published 2023-11-21 · Updated 2023-11-29
CVE-2023-22516
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Bamboo Data Center and Server versions 8.1.0 through 9.3.0
Description
This issue allows an authenticated attacker to execute arbitrary code. It has a high impact on confidentiality, integrity, and availability, and requires no user interaction. The vulnerability was discovered by a private user and reported via the Bug Bounty program.
Recommendations
For Bamboo Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.7.
For Bamboo Data Center and Server 9.3: Upgrade to a release greater than or equal to 9.3.4.
If Java 8 is used to run Bamboo Data Center and Server, use JDK 1.8u121 or later.
Fix
Related Identifiers
Affected Products
Bamboo
Bamboo Server
Java