Bamboo and CVE-2018-1327, for Apache Struts Vulnerability?

Brian Hecko November 2, 2018

Bamboo and CVE-2018-1327, for Apache Struts Vulnerability?  I see other posts where Bamboo is not susceptible to several of the Apache Struts vulns, but just want to confirm this particular CVE also.  Thanks.  We are using Nexpose as our security scanner.

2 answers

2 accepted

1 vote
Answer accepted
Alexey Chystoprudov
Atlassian Team
November 5, 2018

Bamboo doesn't use the Struts REST plugin, so it's not affected.

Gonchik Tsymzhitov
Community Leader
November 5, 2018

@Alexey Chystoprudov

Thanks for your answer : )

Brian Hecko November 5, 2018

Thanks for the reply and info, much appreciated.

0 votes
Answer accepted
Gonchik Tsymzhitov
Community Leader
November 3, 2018

Hi @Brian Hecko

As I read from here, the CVE is related to DoS attacks from the XStream library for version < 2.5.16.

Have you checked the latest version of Bamboo?

https://confluence.atlassian.com/bamboo/bamboo-6-7-release-notes-959795979.html

As I see, the latest version should not be affected, because Atlassian upgraded to Struts 2.5.17.

Reference:

https://jira.atlassian.com/browse/BAM-20051

Cheers,

Gonchik Tsymzhitov

Brian Hecko November 5, 2018

Ah, will look into upgrading to 6.7 soon.  Just finished upgrading to 6.6.3 recently.
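Added example (not part of the thread and not Atlassian's code): a small Python check that separates the two conditions mentioned in the answers, whether a `struts2-rest-plugin` jar is present and whether the bundled Struts is older than 2.5.16, so a scanner finding can be triaged against what is actually on disk. The jar names in `SAMPLE_JARS` are constructed, the library directory is whatever your installation uses, and matching on file names is an assumption that will miss repackaged or shaded jars.

```python
import re
import sys
from pathlib import Path

# Threshold quoted in the thread ("version < 2.5.16").
FIXED = (2, 5, 16)
# Maven artifact file names; text after the numeric version (vendor suffix) is ignored.
JAR_RE = re.compile(
    r"^(struts2-core|struts2-rest-plugin|xstream)-(\d+(?:\.\d+)*)(?:[-.].*)?\.jar$")

# Constructed sample listing, not taken from a real Bamboo installation.
SAMPLE_JARS = ["struts2-core-2.5.14.1.jar", "xstream-1.4.10.jar", "commons-io-2.6.jar"]

def inventory(jar_names):
    """Map artifact name -> list of version tuples found among jar file names."""
    found = {}
    for name in jar_names:
        m = JAR_RE.match(name)
        if m:
            version = tuple(int(part) for part in m.group(2).split("."))
            found.setdefault(m.group(1), []).append(version)
    return found

def assess(jar_names):
    """Return (verdict, inventory) for a list of jar file names."""
    found = inventory(jar_names)
    core = found.get("struts2-core", [])
    rest = found.get("struts2-rest-plugin", [])
    old_core = any(v < FIXED for v in core)
    if not core:
        verdict = "no-struts"
    elif rest and (old_core or any(v < FIXED for v in rest)):
        verdict = "review"  # REST plugin present and Struts older than 2.5.16
    elif rest:
        verdict = "rest-plugin-patched"
    elif old_core:
        verdict = "old-core-no-rest-plugin"  # old Struts, but no REST plugin jar
    else:
        verdict = "patched-no-rest-plugin"
    return verdict, found

def scan_dir(lib_dir):
    """Assess every jar found under lib_dir (searched recursively)."""
    return assess(p.name for p in Path(lib_dir).rglob("*.jar"))

if __name__ == "__main__":
    # With a directory argument, scan it; otherwise use the constructed sample.
    result = scan_dir(sys.argv[1]) if len(sys.argv) > 1 else assess(SAMPLE_JARS)
    print(result)
```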
