CVE-2023-22516

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 21, 2023
Updated: Nov 29, 2023

Summary

CVE-2023-22516 is a high-severity Remote Code Execution (RCE) vulnerability affecting versions 8.1.0 through 9.3.0 of Atlassian Bamboo Data Center and Server. With a CVSS score of 8.5, this issue allows an authenticated attacker to execute arbitrary code, with significant impact on confidentiality, integrity, and availability. No user interaction is required to exploit the vulnerability. Atlassian advises affected customers to upgrade to the latest version as soon as possible. For those unable to do so, specific fixed versions are recommended: Bamboo Data Center and Server 9.2 should be upgraded to release 9.2.7 or later, and Bamboo Data Center and Server 9.3 should be upgraded to release 9.3.4 or later. If Java 8 is used to run these versions, it should be Java 1.8u121 or later. The latest version of Bamboo Data Center and Server can be downloaded from the Atlassian download center. This vulnerability was discovered by a private user and reported via Atlassian's Bug Bounty program.

Affected Products

  • Atlassian Bamboo

Affected Vendors

  • Atlassian Corporation Pty Ltd.