Atlassian fixes CVE-2024-21689 vulnerability in Bamboo


Atlassian has issued a patch for a high-severity remote code execution (RCE) vulnerability in its Bamboo Data Center and Server products.

The vulnerability, tracked as CVE-2024-21689 with a CVSS score of 7.6, affects several versions of Bamboo Data Center and Server, specifically versions 9.1.0 through 9.6.0. It allows an authenticated attacker to execute arbitrary code within the Bamboo environment.

This vulnerability particularly affects organizations relying on Bamboo for continuous integration and deployment processes. An exploited RCE could result in unauthorized code execution, potentially compromising the entire software development pipeline.

Atlassian has released fixes and urged customers to upgrade their Bamboo instances. For those unable to upgrade to the latest release, the company advises updating to one of the specified versions that include patches for CVE-2024-21689:

  • Bamboo Data Center and Server 9.2: Upgrade to version 9.2.17 or later.
  • Bamboo Data Center and Server 9.6: Upgrade to version 9.6.5 or later.

Administrators are urged to prioritize these upgrades to mitigate the risks.
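To triage an inventory against the versions quoted above, the following added example (not Atlassian's code) classifies each Bamboo version string using only the affected range and fixed releases given in this article. The host names and inventory are constructed, and `not-covered` means the article does not state a status for that version, so the vendor advisory should be consulted.

```python
import re

# Thresholds taken from the article; nothing is assumed about other release lines.
AFFECTED_RANGE = ((9, 1, 0), (9, 6, 0))                  # "9.1.0 through 9.6.0"
FIXED_FLOOR = {(9, 2): (9, 2, 17), (9, 6): (9, 6, 5)}    # minimum patched release per line


def parse_version(text):
    """Return (major, minor, patch) for strings like '9.2.17' or '9.6'; None if malformed."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        return None
    return tuple(int(part) if part is not None else 0 for part in m.groups())


def triage(version_text):
    """Classify one version string as patched, affected, not-covered or unparseable."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"
    # Check the patched floors first: 9.2.17 also falls inside the affected range.
    floor = FIXED_FLOOR.get(version[:2])
    if floor is not None and version >= floor:
        return "patched"
    low, high = AFFECTED_RANGE
    if low <= version <= high:
        return "affected"
    return "not-covered"


def report(inventory):
    """Map each host to its triage status, sorted by host name."""
    return {host: triage(ver) for host, ver in sorted(inventory.items())}


# Constructed inventory for illustration only.
INVENTORY = {
    "ci-01": "9.2.3",
    "ci-02": "9.2.17",
    "ci-03": "9.6.0",
    "ci-04": "9.6.3",
    "ci-05": "9.6.5",
    "ci-06": "unknown",
}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}\t{INVENTORY[host]}\t{status}")
```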
