Vulnerability CVE-2015-8361
Published: 2016-02-08

Description:
Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port.

See advisories in our WLB2 database:
Topic
Author
Date
High
Bamboo Deserialization / Missing Authentication Checks
David Black
22.01.2016

Type:

CWE-284

 (Improper Access Control)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.4/10
4.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None
Affected software
Atlassian -> Bamboo 

 References:
http://packetstormsecurity.com/files/135352/Bamboo-Deserialization-Missing-Authentication-Checks.html
http://www.securityfocus.com/archive/1/537347/100/0/threaded
https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-01-20-794376535.html
https://jira.atlassian.com/browse/BAM-17102
Copyright 2024, cxsecurity.com

 

Back to Top