What is CVE-2015-8361?

CVE-2015-8361 is a critical-severity vulnerability in Atlassian Bamboo, classified under Improper Access Control. CVSS score: 9.1/10. Published 2016-02-08.

How severe is CVE-2015-8361?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Vulnerability in Atlassian Bamboo

CVE-2015-8361

Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vecto…

EPSS: 0.005 (67.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Atlassian Bamboo — versions 2.4, 2.4.1, 2.4.2
N/a — versions n/a

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

20160122 January 2016 - Bamboo - Critical Security Advisory (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_MISC)

Frequently asked questions

What is CVE-2015-8361?: CVE-2015-8361 is a critical-severity vulnerability in Atlassian Bamboo, classified under Improper Access Control. CVSS score: 9.1/10. Published 2016-02-08.
How severe is CVE-2015-8361?: Critical severity. CVSS v3 base score is 9.1 out of 10.