Hello,
I use bamboo v 5.15.0.1.
I received from my bamboo instance the next email with:
subject: *** SECURITY information for dc16-01 ***
body:
dc16-01 : Sep 5 11:19:42 : bamboo : user NOT in sudoers ; TTY=pts/9 ; PWD=/home/bamboo/xmrig-3.1.1/manual ; USER=root ; COMMAND=apt-get install git build-essential cmake libuv1-dev libmicrohttpd-dev libssl-dev libhwloc-dev
When I check home dir I found this:
drwxr-xr-x 3 bamboo bamboo 67 Sep 5 11:19 xmrig-3.1.1
-rw-r--r-- 1 bamboo bamboo 3.6M Aug 31 04:15 xmrig-3.1.1-xenial-x64.tar.gz
I do not download xmrig and user bamboo is not allowed to login over ssh for do something like this. I think that may happened only over web part of bamboo. Maybe it's some security bug of bamboo... and it can download and try to install this package.
If you need additional information please ask me.
Best regards, Volodymyr
Bamboo v5.15 was released back in February/2017. Since then Atlassian released a few Security Advisory. Perhaps, Bamboo Security Advisory 2017-03-10, relates to the issue you have reported.
You should consider backing up and upgrading Bamboo to a most recent version.
Kind regards,
Rafael
I believe you should raise this over https://support.atlassian.com/contact/
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
"Atlassian no longer offers personal support for Starter Licenses."
I can't because I have starter licence :)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.