CVE-2015-6576 – Atlassian Bamboo Java Deserialization Code Execution

https://notcve.org/view.php?id=CVE-2015-6576

Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource. Bamboo 2 2 en versiones anteriores a la 5 8 5 y en versiones 5 9 x anteriores a la 5 9 7 permite que los atacantes remotos con acceso a la interfaz web de Bamboo ejecuten código Java mediante un recurso no especificado. • https://github.com/CallMeJonas/CVE-2015-6576 http://packetstormsecurity.com/files/134065/Bamboo-Java-Code-Execution.html http://www.securityfocus.com/archive/1/536747/100/0/threaded https://confluence.atlassian.com/x/Hw7RLg https://jira.atlassian.com/browse/BAM-16439 • CWE-94: Improper Control of Generation of Code ('Code Injection') •