CVE-2015-8361

EUVD-2015-8245
Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
atlassianbamboo
2.4
atlassianbamboo
2.4.1
atlassianbamboo
2.4.2
atlassianbamboo
2.4.3
atlassianbamboo
2.5
atlassianbamboo
2.5.1
atlassianbamboo
2.5.2
atlassianbamboo
2.5.3
atlassianbamboo
2.5.5
atlassianbamboo
2.6
atlassianbamboo
2.6.1
atlassianbamboo
2.6.2
atlassianbamboo
2.6.3
atlassianbamboo
2.7
atlassianbamboo
2.7.1
atlassianbamboo
2.7.2
atlassianbamboo
2.7.3
atlassianbamboo
2.7.4
atlassianbamboo
3.0
atlassianbamboo
3.0.1
atlassianbamboo
3.0.2
atlassianbamboo
3.0.3
atlassianbamboo
3.1
atlassianbamboo
3.1.1
atlassianbamboo
3.1.3
atlassianbamboo
3.1.4
atlassianbamboo
3.2
atlassianbamboo
3.2.2
atlassianbamboo
3.3
atlassianbamboo
3.3.1
atlassianbamboo
3.3.2
atlassianbamboo
3.3.3
atlassianbamboo
3.3.4
atlassianbamboo
3.4
atlassianbamboo
3.4.1
atlassianbamboo
3.4.2
atlassianbamboo
3.4.3
atlassianbamboo
3.4.4
atlassianbamboo
3.4.5
atlassianbamboo
4.0
atlassianbamboo
4.0.1
atlassianbamboo
4.1
atlassianbamboo
4.1.1
atlassianbamboo
4.1.2
atlassianbamboo
4.2
atlassianbamboo
4.2.1
atlassianbamboo
4.3
atlassianbamboo
4.3.1
atlassianbamboo
4.3.2
atlassianbamboo
4.3.3
atlassianbamboo
4.3.4
atlassianbamboo
4.4
atlassianbamboo
4.4.1
atlassianbamboo
4.4.2
atlassianbamboo
4.4.3
atlassianbamboo
4.4.4
atlassianbamboo
4.4.5
atlassianbamboo
4.4.8
atlassianbamboo
5.0
atlassianbamboo
5.0:beta1
atlassianbamboo
5.0:beta2
atlassianbamboo
5.0:beta3
atlassianbamboo
5.0:rc1
atlassianbamboo
5.0.1
atlassianbamboo
5.1
atlassianbamboo
5.1.1
atlassianbamboo
5.2
atlassianbamboo
5.2.1
atlassianbamboo
5.2.2
atlassianbamboo
5.3
atlassianbamboo
5.4
atlassianbamboo
5.4.1
atlassianbamboo
5.4.2
atlassianbamboo
5.5
atlassianbamboo
5.6
atlassianbamboo
5.6.1
atlassianbamboo
5.6.2
atlassianbamboo
5.7
atlassianbamboo
5.7.1
atlassianbamboo
5.7.2
atlassianbamboo
5.8
atlassianbamboo
5.8.1
atlassianbamboo
5.8.2
atlassianbamboo
5.8.5
atlassianbamboo
5.9
atlassianbamboo
5.9.1
atlassianbamboo
5.9.2
atlassianbamboo
5.9.3
atlassianbamboo
5.9.4
atlassianbamboo
5.9.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/135352/Bamboo-Deserialization-Missing-Authentication-Checks.html
http://www.securityfocus.com/archive/1/537347/100/0/threaded
https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-01-20-794376535.html
https://jira.atlassian.com/browse/BAM-17102
http://packetstormsecurity.com/files/135352/Bamboo-Deserialization-Missing-Authentication-Checks.html
http://www.securityfocus.com/archive/1/537347/100/0/threaded
https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-01-20-794376535.html
https://jira.atlassian.com/browse/BAM-17102