CVE-2023-22506 — Code Injection in Atlassian Bamboo Data Center

CWE-94 — Code Injection3 documents3 sources

Severity

8.8HIGHNVD

EPSS

3.7%

top 11.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Bamboo Data Center Atlassian Bamboo Server

Timeline

PublishedJul 19

Description

This High severity Injection and RCE (Remote Code Execution) vulnerability known as CVE-2023-22506 was introduced in version 8.0.0 of Bamboo Data Center. This Injection and RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.5, allows an authenticated attacker to modify the actions taken by a system call and execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that y…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDatlassian/bamboo_data_center8.0.0 — 9.2.3

▶CVEListV5atlassian/bamboo_data_center>= 8.0.0

▶NVDatlassian/bamboo_server8.0.0 — 9.2.3

▶CVEListV5atlassian/bamboo_server>= 8.0.0

Patches

Patch: jira.atlassian.com ↗Patch: jira.atlassian.com ↗

🔴Vulnerability Details

GHSA

GHSA-hwhw-f642-jhqq: This High severity Injection and RCE (Remote Code Execution) vulnerability known as CVE-2023-22506 was introduced in in version 8↗2023-07-19

▶

CVEList

CVE-2023-22506: This High severity Injection and RCE (Remote Code Execution) vulnerability known as CVE-2023-22506 was introduced in version 8↗2023-07-18

▶