Atlassian Bamboo Data Center & Server Flaw Let Attackers Execute Arbitrary Code


Atlassian has issued a security advisory for a high-severity vulnerability in its Bamboo Data Center and Server products. Tracked as CVE-2024-21689, the flaw carries a CVSS score of 7.6 (High).

The flaw is a remote code execution (RCE) vulnerability: an authenticated attacker who can induce a user interaction can run arbitrary code on the Bamboo host, with high impact on confidentiality, integrity, and availability. The authentication requirement is why the score is High rather than Critical, but it offers limited comfort on a CI server: Bamboo holds repository credentials, build agents, and deployment secrets, so code execution there is effectively a foothold in the software supply chain.

Atlassian lists Bamboo Data Center and Server 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 as affected; the fixed releases below (9.2.17 and 9.6.5) imply that the intervening 9.2.x and 9.6.x builds are affected as well.

The vulnerability was reported through Atlassian’s Bug Bounty program.


Atlassian strongly advises users of the affected Bamboo versions to upgrade to the latest release.

If upgrading to the latest release is not feasible, update at least to the fixed build for your release line. Only the 9.2 and 9.6 lines received fixed builds, so installations on 9.1, 9.3, 9.4, or 9.5 must move to one of these lines:

  • Bamboo Data Center and Server 9.2: Upgrade to version 9.2.17 or later.
  • Bamboo Data Center and Server 9.6: Upgrade to version 9.6.5 or later.
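As a practical check for an inventory of Bamboo instances, the following script (added here as an example; it is not Atlassian's code) classifies a version string against the fixed builds named above and tells you which build to move to. The fix lines and the list of affected lines come from the advisory text; the `assess_from_info` helper additionally assumes Bamboo's REST endpoint `GET /rest/api/latest/info` returns a JSON object with a `version` field, which this page does not describe, and the sample response is constructed rather than captured from a real server.

```python
"""Check a Bamboo Data Center/Server version against the CVE-2024-21689 fix lines.

Added example (not Atlassian's code). Fix lines come from the advisory text
above; the REST info endpoint and the sample response below are assumptions.
"""
import json
import re
from typing import Tuple

Version = Tuple[int, int, int]

# Fixed builds named in the advisory: the first safe release on each line.
FIXED_BUILDS = {
    (9, 2): (9, 2, 17),
    (9, 6): (9, 6, 5),
}
# Release lines listed as affected that received no fixed build of their own.
AFFECTED_LINES_WITHOUT_FIX = {(9, 1), (9, 3), (9, 4), (9, 5)}
# Where to send installations on those lines (the newest fixed line).
RECOMMENDED_TARGET = FIXED_BUILDS[(9, 6)]


def parse_version(text: str) -> Version:
    """Parse 'major.minor[.patch]' into a comparable tuple; patch defaults to 0."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised Bamboo version: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def fmt(v: tuple) -> str:
    """Render a version tuple as dotted text, e.g. (9, 2, 17) -> '9.2.17'."""
    return ".".join(str(part) for part in v)


def assess(version: str) -> dict:
    """Return whether `version` is vulnerable and, if so, which build to move to.

    `vulnerable` is True/False when the advisory covers the release line and
    None for lines the advisory does not mention.
    """
    v = parse_version(version)
    line = v[:2]
    if line in FIXED_BUILDS:
        fixed = FIXED_BUILDS[line]
        if v < fixed:
            return {"version": version, "vulnerable": True,
                    "upgrade_to": fmt(fixed),
                    "note": f"{fmt(line)}.x build before the fixed release"}
        return {"version": version, "vulnerable": False, "upgrade_to": None,
                "note": "at or beyond the fixed build for this line"}
    if line in AFFECTED_LINES_WITHOUT_FIX:
        return {"version": version, "vulnerable": True,
                "upgrade_to": fmt(RECOMMENDED_TARGET),
                "note": "no fixed build on this line; move to a fixed line"}
    return {"version": version, "vulnerable": None, "upgrade_to": None,
            "note": "release line not listed in this advisory; check Atlassian"}


def assess_from_info(info_json: str) -> dict:
    """Assess the `version` field of a Bamboo REST info response (JSON text).

    Assumption: Bamboo's GET /rest/api/latest/info returns a JSON object with
    a `version` field; that endpoint is not described on this page.
    """
    info = json.loads(info_json)
    return assess(info["version"])


# Constructed sample response, not captured from a real server.
SAMPLE_INFO = json.dumps({"version": "9.6.3", "edition": "", "buildNumber": "90603"})

if __name__ == "__main__":
    for candidate in ["9.2.12", "9.2.17", "9.4.0", "9.6.5", "9.7.1"]:
        print(assess(candidate))
    print(assess_from_info(SAMPLE_INFO))
```

The comparison is done on integer tuples rather than strings so that 9.2.9 sorts before 9.2.17; a `None` verdict is deliberately distinct from `False` so that a release line the advisory does not mention is flagged for manual review instead of being silently treated as safe.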

For more detailed information, users are encouraged to consult the Bamboo release notes and download the latest versions from Atlassian’s official download center.

Because exploitation requires an authenticated account, tightening who can log in to Bamboo and auditing existing accounts reduces exposure until the upgrade is applied, but it is not a substitute for it.

Users are urged to upgrade promptly to secure their systems against potential exploitation.



