PRIOn knowledge basePRION:CVE-2023-22506Remote code execution
This High severity Injection and RCE (Remote Code Execution) vulnerability known as CVE-2023-22506 was introduced in version 8.0.0 of Bamboo Data Center.
This Injection and RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.5, allows an authenticated attacker to
modify the actions taken by a system call and execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction.
Ā
Ā
Atlassian recommends that you upgrade your instance to latest version. If youāre unable to upgrade to latest, upgrade to one of these fixed versions: 9.2.3 and 9.3.1. See the release notes ([https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html|https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html]). You can download the latest version of Bamboo Data Center and Bamboo Server from the download center ([https://www.atlassian.com/software/bamboo/download-archives|https://www.atlassian.com/software/bamboo/download-archives]).
This vulnerability was reported via our Penetration Testing program.
| CPE | Name | Operator | Version |
|---|---|---|---|
| bamboo_data_center | ge | 8.0.0 | |
| bamboo_data_center | lt | 9.2.3 | |
| bamboo_server | ge | 8.0.0 | |
| bamboo_server | lt | 9.2.3 |
References
Related
