Vulnerability Description
An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port.
CVSS Score
9.8
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Bamboo | 2.3.1 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/135352/Bamboo-Deserialization-Missing-Authe
- http://www.securityfocus.com/archive/1/537347/100/0/threaded
- https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-01-20-7943Vendor Advisory
- https://jira.atlassian.com/browse/BAM-17101PatchVendor Advisory
- http://packetstormsecurity.com/files/135352/Bamboo-Deserialization-Missing-Authe
- http://www.securityfocus.com/archive/1/537347/100/0/threaded
- https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-01-20-7943Vendor Advisory
- https://jira.atlassian.com/browse/BAM-17101PatchVendor Advisory
FAQ
What is CVE-2015-8360?
CVE-2015-8360 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port.
How severe is CVE-2015-8360?
CVE-2015-8360 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2015-8360?
Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Bamboo.