EUVD-2015-8244

Malware in sbrugna...

CVE-2015-8361

Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port...

CVE-2015-8360

An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port...

Authentication flaw

Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port...

Code injection

An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port...

CVE-2015-8361

Atlassian Bamboo is affected: multiple services expose without authentication in Bamboo versions before 5.9.9 and 5.10.x before 5.10.0, allowing remote attackers to obtain sensitive information, modify settings, or manage build agents via the JMS port. Root cause described across sources is lack ...

CVE-2015-8360

CVE-2015-8360 affects Atlassian Bamboo pre-5.9.9 and 5.10.x pre-5.10.0, where deserializing untrusted data to the JMS port enables remote Java code execution via a deserialization vulnerability. The root cause is deserialization of arbitrary user input without proper restriction. Remediation per ...

CVE-2015-8360

An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port...

CVE-2015-8361: Services exposed without authentication Vulnerability

Bamboo exposed services without first performing authentication checks. Attackers can use this vulnerability to extract confidential information from Bamboo, modify certain settings and manage build agents. To exploit this issue, attackers need to be able to access the Bamboo JMS port. Affected...

CVE-2015-8360: Deserialisation Resulting in Remote Code Execution Vulnerability

Bamboo had a resource that deserialised arbitrary user input without restriction. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo. To exploit this issue, attackers need to be able to access the Bamboo JMS port port 5466...

CVE-2015-8360: Deserialisation Resulting in Remote Code Execution Vulnerability

Bamboo had a resource that deserialised arbitrary user input without restriction. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo. To exploit this issue, attackers need to be able to access the Bamboo JMS port port 5466...