CVSS: 9.1EPSS: 0%CPEs: 90EXPL: 0CVE-2015-8361
https://notcve.org/view.php?id=CVE-2015-8361
Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port. Múltiples servicios no especificados en Atlassian Bamboo en versiones anteriores a 5.9.9 y 5.10.x en versiones anteriores a 5.10.0 no requieren autenticación, lo que permite a atacantes remotos obtener información sensible, modificar ajustes o administrar agentes de construcción a través de vectores desconocidos que involucran al puerto JMS. • http://packetstormsecurity.com/files/135352/Bamboo-Deserialization-Missing-Authentication-Checks.html http://www.securityfocus.com/archive/1/537347/100/0/threaded https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-01-20-794376535.html https://jira.atlassian.com/browse/BAM-17102 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2015-6576 – Atlassian Bamboo Java Deserialization Code Execution
https://notcve.org/view.php?id=CVE-2015-6576
Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource. Bamboo 2 2 en versiones anteriores a la 5 8 5 y en versiones 5 9 x anteriores a la 5 9 7 permite que los atacantes remotos con acceso a la interfaz web de Bamboo ejecuten código Java mediante un recurso no especificado. • https://github.com/CallMeJonas/CVE-2015-6576 http://packetstormsecurity.com/files/134065/Bamboo-Java-Code-Execution.html http://www.securityfocus.com/archive/1/536747/100/0/threaded https://confluence.atlassian.com/x/Hw7RLg https://jira.atlassian.com/browse/BAM-16439 • CWE-94: Improper Control of Generation of Code ('Code Injection') •