CVE-2015-8361Improper Access Control in Atlassian Bamboo

CWE-284Improper Access Control3 documents3 sources
Severity
9.1CRITICALNVD
EPSS
0.5%
top 33.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Atlassian Bamboo
Timeline
PublishedFeb 8
Latest updateMay 14

Description

Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages1 packages

NVDatlassian/bamboo86 versions+85

Patches

Patch: jira.atlassian.comPatch: jira.atlassian.com

🔴Vulnerability Details

2
GHSA
GHSA-p635-3wgg-xwf4: Multiple unspecified services in Atlassian Bamboo before 52022-05-14
CVEList
CVE-2015-8361: Multiple unspecified services in Atlassian Bamboo before 52016-02-08
CVE-2015-8361 — Improper Access Control in Atlassian | cvebase