Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-22516

Опубликовано: 21 нояб. 2023
Источник: nvd
CVSS3: 8.5
CVSS3: 8.8
EPSS Низкий

Описание

This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server.

This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.

Atlassian recommends that Bamboo Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bamboo Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.7. JDK 1.8u121+ should be used in case Java 8 used to run Bamboo Data Center and Server. See Bamboo 9.2 Upgrade notes (https://confluence.atlassian.com/bambooreleases/bamboo-9-2-upgrade-notes-1207179212.html)

Bamboo Data Center and Server 9.3: Upgrade to a release greater tha

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*
Версия от 8.1.0 (включая) до 9.2.7 (исключая)
cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*
Версия от 9.3.0 (включая) до 9.3.4 (исключая)

EPSS

Процентиль: 82%
0.01725
Низкий

8.5 High

CVSS3

8.8 High

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

github логотип

GHSA-xqv7-xc39-ph8v

CVSS3: 8.5
github
около 2 лет назад

This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bamboo Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bamboo Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.7. JDK 1.8u121+ should be used in case Java 8 used to run Bamboo Data Center and Server. See Bamboo 9.2 Upgrade notes (https://confluence.atlassian.com/bambooreleases/bamboo-9-2-upgrade-notes-1207179212.html) Bamboo Data Center and Server 9.3: Upgrade to a release greater than or ...

EPSS

Процентиль: 82%
0.01725
Низкий

8.5 High

CVSS3

8.8 High

CVSS3

Дефекты

NVD-CWE-noinfo