CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 0CVE-2016-5229
https://notcve.org/view.php?id=CVE-2016-5229
Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization. Atlassian Bamboo en versiones anteriores a 5.11.4.1 y 5.12.x en versiones anteriores a 5.12.3.1 no restringe adecuadamente clases deserializadas permitidas, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con XStream Serialization. • http://packetstormsecurity.com/files/138053/Bamboo-Deserialization-Issue.html http://www.securityfocus.com/archive/1/539003/100/0/threaded http://www.securityfocus.com/bid/92057 https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-07-20-831660461.html https://jira.atlassian.com/browse/BAM-17736 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 90EXPL: 0CVE-2014-9757
https://notcve.org/view.php?id=CVE-2014-9757
The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message. La API Ignite Realtime Smack XMPP, como se utiliza en Atlassian Bamboo en versiones anteriores a 5.9.9 y 5.10.x en versiones anteriores a 5.10.0, permite a servidores XMPP remotos configurados ejecutar código Java arbitrario a través de datos serializados en un mensaje XMPP. • http://packetstormsecurity.com/files/135352/Bamboo-Deserialization-Missing-Authentication-Checks.html http://www.securityfocus.com/archive/1/537347/100/0/threaded https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-01-20-794376535.html https://jira.atlassian.com/browse/BAM-17099 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 91EXPL: 0CVE-2015-8360
https://notcve.org/view.php?id=CVE-2015-8360
An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port. Un recurso no especificado en Atlassian Bamboo en versiones anteriores a 5.9.9 y 5.10.x en versiones anteriores a 5.10.0 permite a atacantes remotos ejecutar código Java arbitrario a través de datos serializados al puerto JMS. • http://packetstormsecurity.com/files/135352/Bamboo-Deserialization-Missing-Authentication-Checks.html http://www.securityfocus.com/archive/1/537347/100/0/threaded https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-01-20-794376535.html https://jira.atlassian.com/browse/BAM-17101 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 90EXPL: 0CVE-2015-8361
https://notcve.org/view.php?id=CVE-2015-8361
Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port. Múltiples servicios no especificados en Atlassian Bamboo en versiones anteriores a 5.9.9 y 5.10.x en versiones anteriores a 5.10.0 no requieren autenticación, lo que permite a atacantes remotos obtener información sensible, modificar ajustes o administrar agentes de construcción a través de vectores desconocidos que involucran al puerto JMS. • http://packetstormsecurity.com/files/135352/Bamboo-Deserialization-Missing-Authentication-Checks.html http://www.securityfocus.com/archive/1/537347/100/0/threaded https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-01-20-794376535.html https://jira.atlassian.com/browse/BAM-17102 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2015-6576 – Atlassian Bamboo Java Deserialization Code Execution
https://notcve.org/view.php?id=CVE-2015-6576
Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource. Bamboo 2 2 en versiones anteriores a la 5 8 5 y en versiones 5 9 x anteriores a la 5 9 7 permite que los atacantes remotos con acceso a la interfaz web de Bamboo ejecuten código Java mediante un recurso no especificado. • https://github.com/CallMeJonas/CVE-2015-6576 http://packetstormsecurity.com/files/134065/Bamboo-Java-Code-Execution.html http://www.securityfocus.com/archive/1/536747/100/0/threaded https://confluence.atlassian.com/x/Hw7RLg https://jira.atlassian.com/browse/BAM-16439 • CWE-94: Improper Control of Generation of Code ('Code Injection') •