Skip to main content

Bamboo CVE-2015-8361

CRITICAL
Improper Access Control (CWE-284)
2016-02-08 cve@mitre.org
9.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 08, 2016 - 19:59 cve.org
CRITICAL 9.1

DescriptionCVE.org

Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port.

AnalysisAI

Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-284. Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port. Affected products include: Atlassian Bamboo. Version information: before 5.9.9.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Bamboo

View all
CVE-2012-2926 CRITICAL POC
9.1 May 22

Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible bef

CVE-2016-5229 CRITICAL
9.8 Aug 02

Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, w

CVE-2015-8360 CRITICAL
9.8 Feb 08

An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arb

CVE-2014-9757 CRITICAL
9.8 Feb 08

The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote con

CVE-2022-26136 CRITICAL
9.8 Jul 20

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used

CVE-2017-14589 CRITICAL
9.6 Dec 13

It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. Rated critic

CVE-2015-6576 HIGH
8.8 Oct 03

Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execut

CVE-2017-14590 CRITICAL
9.1 Dec 13

Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. Rated critical s

CVE-2017-8907 HIGH
8.8 Jun 14

Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project

CVE-2017-9514 HIGH
8.8 Oct 12

Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not

CVE-2023-22516 HIGH
8.8 Nov 21

This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.

CVE-2022-26137 HIGH
8.8 Jul 20

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Fil

Share

CVE-2015-8361 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy