CyberSec.Space Logo
CVEブラウザに戻る

CVE-2016-5229

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1390%
EPSS Percentile18.97th
Published2016年8月2日
Last Modified2026年5月6日

Vulnerability Description

Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization.

Affected Platforms (CPE)

📦
Atlassian

Bamboo

<= 5.11.3
📦
Atlassian

Bamboo

= 5.12.0
📦
Atlassian

Bamboo

= 5.12.1
📦
Atlassian

Bamboo

= 5.12.2

References & Advisories

🔗 http://packetstormsecurity.com/files/138053/Bamboo-Deserialization-Issue.html
🔗 http://www.securityfocus.com/archive/1/539003/100/0/threaded
🔗 http://www.securityfocus.com/bid/92057
🔗 https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-07-20-831660461.html
🔗 https://jira.atlassian.com/browse/BAM-17736
🔗 http://packetstormsecurity.com/files/138053/Bamboo-Deserialization-Issue.html
🔗 http://www.securityfocus.com/archive/1/539003/100/0/threaded
🔗 http://www.securityfocus.com/bid/92057

関連する脆弱性情報

CVE-2014-97579.8

The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XM...

CVE-2015-83609.8

An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Jav...

CVE-2021-378439.8

The resolution SAML SSO apps for Atlassian products allow a remote attacker to login to a user account when only the username is k...

CVE-2017-145899.6

It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has re...