Atlassian Bamboo prior to 5.11.4.1 and 5.12.x prior to 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote malicious users to execute arbitrary code via vectors related to XStream Serialization.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
atlassian bamboo 5.12.2 |
||
atlassian bamboo 5.12.1 |
||
atlassian bamboo 5.12.0 |
||
atlassian bamboo |