Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Atlassian Bamboo agent

Vansh
Vansh
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
July 10, 2022

Answer
Watch
Like Be the first to like this
467 views

1 answer

0 votes
Eduardo Alvarenga
Eduardo Alvarenga
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 10, 2022

Hello @Vansh, Welcome to Atlassian Community!

CVS-2020-9488

Atlassian classified it as a “low” based on its CVSSv3 base score (read more about security levels for security issues). Vulnerabilities in the low range typically have very little impact on an organization's business. The exploitation of such vulnerabilities usually requires local or physical system access. Vulnerabilities in third-party code that are unreachable from Atlassian code may be downgraded to low severity.

CVE-2022-23302, CVE-2022-23305, and CVE-2022-23307

Short answer: Fix available

Bamboo 8.0.68.1.5 and 8.2.1 contain a fix for those three CVEs. Please plan to upgrade at your earliest convenience. 

As the CVE-2022-22965 vulnerability (Spring4shell) was fixed on Bamboo releases 8.0.7, 8.1.6 and 8.2.2 please consider those or later releases instead. Please keep an eye on our FAQ for CVE-2022-22965 for more information.

 

Regards,

Eduardo Alvarenga
Atlassian Support APAC

Reply

Suggest an answer

Log in or Sign up to answer
Bamboo
Bamboo
TAGS
AUG Leaders

Atlassian Community Events

    See all events