CVE-2024-21687

CWE-98 | 4 documents | 4 sources
Severity: 8.1 HIGH
EPSS: 1.2% (top 21.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 16

Description

This High severity File Inclusion vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0 and 9.6.0 of Bamboo Data Center and Server. This File Inclusion vulnerability, with a CVSS Score of 8.1, allows an authenticated attacker to get the application to display the contents of a local file, or execute different files already stored locally on the server, which has high impact to confidentiality, high impact to integrity, no impact to availability, and requires no user

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.8 | Impact: 5.2

Affected Packages (3 packages)

CVEListV5 | atlassian/bamboo_data_center | 6 versions | +5
CVEListV5 | atlassian/bamboo_server | 4 versions | +3
NVD | atlassian/bamboo | 9.2.0 | 9.2.16 | +6

🔴 Vulnerability Details (2)

GHSA | GHSA-87p8-wr2m-jhp2: This High severity File Inclusion vulnerability was introduced in versions 9 | 2024-07-16
CVEList | CVE-2024-21687: This High severity File Inclusion vulnerability was introduced in versions 9 | 2024-07-16

📋 Vendor Advisories (1)

Atlassian | CVE-2024-21687: 9.6.0 to 9.6.3 (LTS), 9.5.0 to 9.5.4, 9.4.0 to 9.4.4, 9.3.0 to 9.3.6, 9.2.1 to 9.2.15 (LTS), 9.1.0 to 9.1.3, 9.0.0 to 9.0.4 | 2024-07-16