CVE-2015-8361

Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
atlassianbamboo
2.4
atlassianbamboo
2.4.1
atlassianbamboo
2.4.2
atlassianbamboo
2.4.3
atlassianbamboo
2.5
atlassianbamboo
2.5.1
atlassianbamboo
2.5.2
atlassianbamboo
2.5.3
atlassianbamboo
2.5.5
atlassianbamboo
2.6
atlassianbamboo
2.6.1
atlassianbamboo
2.6.2
atlassianbamboo
2.6.3
atlassianbamboo
2.7
atlassianbamboo
2.7.1
atlassianbamboo
2.7.2
atlassianbamboo
2.7.3
atlassianbamboo
2.7.4
atlassianbamboo
3.0
atlassianbamboo
3.0.1
atlassianbamboo
3.0.2
atlassianbamboo
3.0.3
atlassianbamboo
3.1
atlassianbamboo
3.1.1
atlassianbamboo
3.1.3
atlassianbamboo
3.1.4
atlassianbamboo
3.2
atlassianbamboo
3.2.2
atlassianbamboo
3.3
atlassianbamboo
3.3.1
atlassianbamboo
3.3.2
atlassianbamboo
3.3.3
atlassianbamboo
3.3.4
atlassianbamboo
3.4
atlassianbamboo
3.4.1
atlassianbamboo
3.4.2
atlassianbamboo
3.4.3
atlassianbamboo
3.4.4
atlassianbamboo
3.4.5
atlassianbamboo
4.0
atlassianbamboo
4.0.1
atlassianbamboo
4.1
atlassianbamboo
4.1.1
atlassianbamboo
4.1.2
atlassianbamboo
4.2
atlassianbamboo
4.2.1
atlassianbamboo
4.3
atlassianbamboo
4.3.1
atlassianbamboo
4.3.2
atlassianbamboo
4.3.3
atlassianbamboo
4.3.4
atlassianbamboo
4.4
atlassianbamboo
4.4.1
atlassianbamboo
4.4.2
atlassianbamboo
4.4.3
atlassianbamboo
4.4.4
atlassianbamboo
4.4.5
atlassianbamboo
4.4.8
atlassianbamboo
5.0
atlassianbamboo
5.0:beta1
atlassianbamboo
5.0:beta2
atlassianbamboo
5.0:beta3
atlassianbamboo
5.0:rc1
atlassianbamboo
5.0.1
atlassianbamboo
5.1
atlassianbamboo
5.1.1
atlassianbamboo
5.2
atlassianbamboo
5.2.1
atlassianbamboo
5.2.2
atlassianbamboo
5.3
atlassianbamboo
5.4
atlassianbamboo
5.4.1
atlassianbamboo
5.4.2
atlassianbamboo
5.5
atlassianbamboo
5.6
atlassianbamboo
5.6.1
atlassianbamboo
5.6.2
atlassianbamboo
5.7
atlassianbamboo
5.7.1
atlassianbamboo
5.7.2
atlassianbamboo
5.8
atlassianbamboo
5.8.1
atlassianbamboo
5.8.2
atlassianbamboo
5.8.5
atlassianbamboo
5.9
atlassianbamboo
5.9.1
atlassianbamboo
5.9.2
atlassianbamboo
5.9.3
atlassianbamboo
5.9.4
atlassianbamboo
5.9.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/135352/Bamboo-Deserialization-Missing-Authentication-Checks.html
http://www.securityfocus.com/archive/1/537347/100/0/threaded
https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-01-20-794376535.html
https://jira.atlassian.com/browse/BAM-17102
http://packetstormsecurity.com/files/135352/Bamboo-Deserialization-Missing-Authentication-Checks.html
http://www.securityfocus.com/archive/1/537347/100/0/threaded
https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-01-20-794376535.html
https://jira.atlassian.com/browse/BAM-17102