Atlassian Bamboo Data Center OS Command Injection Vulnerability Allowing Remote Code Execution

Vulnerability

A critical OS command injection vulnerability has been identified in Atlassian Bamboo Data Center versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0. It allows an authenticated attacker to execute commands on the remote system, leading to remote code execution. The vulnerability has a CVSS score of 9.4 and was introduced in the versions listed above.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users are advised to upgrade to the latest version of Bamboo Data Center. If unable to do so, upgrade to one of the following supported fixed versions: 9.6.0 (to 9.6.25), 10.2 (to 10.2.18), or 12.1 (to 12.1.6).
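
To triage an inventory against the versions above, the following added example (not Atlassian's or this page's code) classifies an installed version by release line. It assumes every release on a listed line below that line's fixed version is affected and that releases at or above the fixed version are patched; the host names and inventory versions are constructed sample data.

```python
import re

# Release lines and fixed versions copied from the advisory text above.
# Lines mapped to None are listed as affected but have no fixed release named.
FIXED = {
    (9, 6): (9, 6, 25),
    (10, 0): None,
    (10, 1): None,
    (10, 2): (10, 2, 18),
    (11, 0): None,
    (11, 1): None,
    (12, 0): None,
    (12, 1): (12, 1, 6),
}

def parse_version(text):
    """Parse 'X.Y' or 'X.Y.Z'; any trailing suffix (build tag etc.) is ignored."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def triage(version_text):
    """Return (status, action) for one installed Bamboo Data Center version."""
    version = parse_version(version_text)
    line = version[:2]
    if line not in FIXED:
        # Release lines the advisory does not name are reported, not guessed at.
        return "not-listed", "release line not named in the advisory"
    fixed = FIXED[line]
    if fixed is None:
        return "affected", "no fixed release listed for this line; move to a fixed line"
    if version < fixed:  # assumption: everything on the line below the fix is affected
        return "affected", "upgrade to %d.%d.%d" % fixed
    return "fixed", "at or above the fixed release for this line"

if __name__ == "__main__":
    # Constructed inventory: host names and versions are sample data.
    inventory = {"bamboo-ci-01": "9.6.12", "bamboo-ci-02": "10.2.18",
                 "bamboo-ci-03": "11.1.3", "bamboo-lab": "9.2.7"}
    for host, ver in sorted(inventory.items()):
        status, action = triage(ver)
        print(f"{host:14} {ver:8} {status:10} {action}")
```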

Added: Apr 21, 2026, 5:34 PM
Updated: Apr 21, 2026, 5:34 PM

Vulnerability Rating

Custom Algorithm

spread: 1.9
impact: 10.0
exploitability: 5.2
remediation: 7.7
relevance: 6.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.