Lucene search
PbruskiATLASSIAN:BAM-17101HistoryJan 12, 2016 - 3:59 a.m.
CVE-2015-8360: Deserialisation Resulting in Remote Code Execution Vulnerability
2016-01-1203:59:21
pbruski
jira.atlassian.com
52
EPSS
0.007
Percentile
79.5%
Bamboo had a resource that deserialised arbitrary user input without restriction. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo. To exploit this issue, attackers need to be able to access the Bamboo JMS port (port 54663 by default).
Affected versions:
- All versions of Bamboo from 2.3.1 before 5.9.9 (the fixed version for 5.9.x) are affected by this vulnerability.
\
Fix:
- Bamboo 5.10.0 is available for download from https://www.atlassian.com/software/bamboo/download.
- Bamboo 5.9.9 is available for download from https://www.atlassian.com/software/bamboo/download-archives.
\
For additional details see the [full advisory|https://confluence.atlassian.com/x/VzlZLw].
Related
atlassian
atlassian
cvelist
cvelist
CVE-2014-9757
2016-02-08 19:00:00
CVE-2015-8360
2016-02-08 19:00:00
prion
prion
Design/Logic Flaw
2016-02-08 19:59:00
Code injection
2016-02-08 19:59:00
cve
cve
CVE-2014-9757
2016-02-08 19:59:00
CVE-2015-8360
2016-02-08 19:59:03
nvd
nvd
CVE-2014-9757
2016-02-08 19:59:00
CVE-2015-8360
2016-02-08 19:59:03
openvas
openvas
Atlassian Bamboo Remote Code Execution Vulnerability (Feb 2016)
2016-02-19 00:00:00
Atlassian Bamboo Multiple Vulnerabilities (Feb 2016)
2016-02-19 00:00:00
impervablog
impervablog
Deserialization Attacks Surge Motivated by Illegal Crypto-mining
2018-01-24 17:45:08