Atlassian Bamboo: Attackers can compromise development environments
Attacks on Atlassian Bamboo Data Center and servers are conceivable. Versions secured against this have been released.
![Bamboo needs an update](https://heise.cloudimg.io/width/610/q85.png-lossy-85.webp-lossy-85.foil1/_www-heise-de_/imgs/18/4/6/3/6/4/0/6/shutterstock_2180443675-fdfc1995a4a06e47.jpeg)
Bamboo needs an update
(Image: monticello/Shutterstock.com)
Atlassian's Bamboo Data Center and Server software development tools are vulnerable. Under certain conditions, attackers can exploit a security vulnerability.
Install a security update
A warning message indicates that the vulnerability (CVE-2024-21687) is classified with a threat level of"high". However, attacks are only possible if attackers are authenticated. If this requirement is met, they can, among other things, execute files and compromise the integrity of a software development environment. There is currently no information on how an attack works.
Atlassian states that it has repaired versions 9.2.16 LTS and 9.6.4 LTS. The vulnerability was reported via the software solution provider's bug bounty program. There are currently no reports as to whether attacks are already taking place.
(des)