PT-2024-6124 · Atlassian · Bamboo+1
Bug Bounty · Published 2024-08-20 · Updated 2024-08-21
CVE-2024-21689
CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Bamboo Data Center and Server versions 9.1.0 through 9.6.0
Description
The vulnerability stems from insufficient input validation and allows an authenticated attacker to execute arbitrary code, with high impact on confidentiality, integrity, and availability. Exploitation requires user interaction. Approximately 4,287 devices may be affected.
Recommendations
For Bamboo Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.17
For Bamboo Data Center and Server 9.6: Upgrade to a release greater than or equal to 9.6.5
If you are unable to upgrade to the latest version, consider upgrading your instance to one of the specified supported fixed versions.
Fix
RCE
Code Injection
Related Identifiers
Affected Products
Bamboo
Bamboo Server