NVD

Id
28535  
Name
CVE-2015-8361  
Description
Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port.  
Reject
 
CVSS Version
2  
CVSS Score
6.4  
Severity
Medium  
CVSS Base Score
6.4  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:N)  
Pub Date
2017-01-19  
Published
2016-02-08  
Modified Date
2016-02-19  
Seq
2015-8361  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
149906 28535 CVE-2015-8361 http://packetstormsecurity.com/files/135352/Bamboo-Deserialization-Missing-Authentication-Checks.html  View
149907 28535 CVE-2015-8361 20160122 January 2016 - Bamboo - Critical Security Advisory  View
149908 28535 CVE-2015-8361 https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-01-20-794376535.html  View
149909 28535 CVE-2015-8361 https://jira.atlassian.com/browse/BAM-17102  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
11548 JVNDB-2015-006868 Atlassian Bamboo の複数の不特定のサービスにおける重要な情報を取得される脆弱性 Atlassian Bamboo の複数の不特定のサービスは、認証を要求しないため、重要な情報を取得される、設定を変更される、またはビルドエージェントを管理される脆弱性が存在します。 CVE-2015-8361 85586 CVE-2015-8361 28535 6.4 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-006868.html 2015-11-25 2016-02-18 View