Lucene search
PbruskiBAM-17102HistoryJan 12, 2016 - 3:59 a.m.
CVE-2015-8361: Services exposed without authentication Vulnerability
2016-01-1203:59:40
pbruski
jira.atlassian.com
6
0.004 Low
EPSS
Percentile
74.5%
Bamboo exposed services without first performing authentication checks. Attackers can use this vulnerability to extract confidential information from Bamboo, modify certain settings and manage build agents. To exploit this issue, attackers need to be able to access the Bamboo JMS port.
Affected versions:
- All versions of Bamboo from 2.4 before 5.9.9 (the fixed version for 5.9.x) are affected by this vulnerability.
\
Fix:
- Bamboo 5.10.0 is available for download from https://www.atlassian.com/software/bamboo/download.
- Bamboo 5.9.9 is available for download from https://www.atlassian.com/software/bamboo/download-archives.
\
For additional details see the [full advisory|https://confluence.atlassian.com/x/VzlZLw].
| CPE | Name | Operator | Version |
|---|---|---|---|
| bamboo data center | le | 2.4 | |
| bamboo data center | le | 5.9.7 | |
| bamboo data center | lt | 5.10.0 | |
| bamboo data center | lt | 5.9.9 |
Related
openvas
openvas
Atlassian Bamboo Multiple Vulnerabilities (Feb 2016)
2016-02-19 00:00:00
atlassian
atlassian
cvelist
cvelist
CVE-2014-9757
2016-02-08 19:00:00
CVE-2015-8361
2016-02-08 19:00:00
prion
prion
Design/Logic Flaw
2016-02-08 19:59:00
Authentication flaw
2016-02-08 19:59:00
cve
cve
CVE-2014-9757
2016-02-08 19:59:00
CVE-2015-8361
2016-02-08 19:59:00