
4 matches found

CVE
added 2016/08/02 4:0 p.m., 65 views

CVE-2016-5229

CVE-2016-5229 affects Atlassian Bamboo prior to 5.11.4.1 and 5.12.x prior to 5.12.3.1. The issue arises from insufficient restriction of deserialized classes during XStream-based deserialization, enabling remote code execution via crafted input. A fix is available: Bamboo 5.12.3.1 and 5.11.4.1 (a...

CVSS 9.8, AI score 9.6, EPSS 0.0709
Exploits: 0, References: 5, Affected Software: 1
Cvelist
added 2016/08/02 4:0 p.m., 23 views

CVE-2016-5229

Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization...

AI score 9.7, EPSS 0.0709
Exploits: 0, References: 5
Atlassian
added 2016/07/07 4:22 a.m., 97 views

CVE-2016-5229 - Deserialisation resulting in remote code execution caused by insufficient restriction on permitted deserialised classes

Bamboo had a resource that deserialised input from build agents and did not sufficiently restrict which classes could be deserialised. To exploit this issue, attackers need to have a valid Bamboo agent fingerprint or be able to run code on a Bamboo agent. Affected versions: All versions of Bamboo...

CVSS 9.8, AI score 3.9, EPSS 0.0709
Exploits: 0, Affected Software: 1
Atlassian
added 2016/07/07 4:22 a.m., 32 views

CVE-2016-5229 - Deserialisation resulting in remote code execution caused by insufficient restriction on permitted deserialised classes

Bamboo had a resource that deserialised input from build agents and did not sufficiently restrict which classes could be deserialised. To exploit this issue, attackers need to have a valid Bamboo agent fingerprint or be able to run code on a Bamboo agent. Affected versions: All versions of Bamboo...

CVSS 9.8, AI score 3.9, EPSS 0.0709
Exploits: 0