PT-2024-4767 · Atlassian · Bamboo

Bug Bounty · Published 2024-07-16 · Updated 2024-10-24 · CVE-2024-21687

CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Atlassian Bamboo Data Center and Server versions 9.0.0 through 9.6.0
Description: A File Inclusion vulnerability allows an authenticated attacker to display the contents of a local file or execute different files already stored locally on the server. It has a high impact on confidentiality and integrity, no impact on availability, and requires no user interaction.
Recommendations:
- For versions 9.6.0 to 9.6.3 LTS, upgrade to 9.6.4 LTS.
- For versions from 9.5.0 to 9.5.4, upgrade to 9.6.4 LTS.
- For versions from 9.4.0 to 9.4.3, upgrade to 9.6.4 LTS.
- For versions from 9.3.0 to 9.3.6, upgrade to 9.6.4 LTS.
- For versions from 9.2.0 to 9.2.15 LTS, upgrade to 9.6.4 LTS or 9.2.16 LTS.
- For versions from 9.1.0 to 9.1.3, upgrade to 9.6.4 LTS or 9.2.16 LTS.
- For versions from 9.0.0 to 9.0.4, upgrade to 9.6.4 LTS or 9.2.16 LTS.
- For any earlier versions, upgrade to 9.6.4 LTS or 9.2.16 LTS.

Fix

File Inclusion

Special Elements Injection

Weakness Enumeration

Related Identifiers

BDU:2024-05290
CVE-2024-21687

Affected Products

Bamboo