csaf_certbund - wid-sec-w-2025-0400

WID-SEC-W-2025-0400

Vulnerability from csaf_certbund - Published: 2025-02-18 23:00 - Updated: 2025-02-18 23:00

Summary

Atlassian Bamboo/Jira : Mehrere Schwachstellen ermöglichen Denial of Service

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet. Jira ist eine Webanwendung zur Softwareentwicklung.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Atlassian Bamboo und Jira ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux - Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.\r\n\r\nJira ist eine Webanwendung zur Softwareentwicklung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Atlassian Bamboo und Jira ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0400 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0400.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0400 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0400"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin vom 2025-02-18",
        "url": "https://jira.atlassian.com/browse/BAM-26027"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin vom 2025-02-18",
        "url": "https://jira.atlassian.com/browse/BAM-26010"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin vom 2025-02-18",
        "url": "https://jira.atlassian.com/browse/JSWSERVER-26299"
      }
    ],
    "source_lang": "en-US",
    "title": "Atlassian Bamboo/Jira : Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
    "tracking": {
      "current_release_date": "2025-02-18T23:00:00.000+00:00",
      "generator": {
        "date": "2025-02-19T10:50:39.748+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0400",
      "initial_release_date": "2025-02-18T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-02-18T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.2.21",
                "product": {
                  "name": "Atlassian Bamboo \u003c9.2.21",
                  "product_id": "1720796"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.2.21",
                "product": {
                  "name": "Atlassian Bamboo \u003c9.2.21",
                  "product_id": "1720796-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.6.7",
                "product": {
                  "name": "Atlassian Bamboo \u003c9.6.7",
                  "product_id": "T041280"
                }
              },
              {
                "category": "product_version",
                "name": "9.6.7",
                "product": {
                  "name": "Atlassian Bamboo 9.6.7",
                  "product_id": "T041280-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:9.6.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.0.2",
                "product": {
                  "name": "Atlassian Bamboo \u003c10.0.2",
                  "product_id": "T041281"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.0.2",
                "product": {
                  "name": "Atlassian Bamboo \u003c10.0.2",
                  "product_id": "T041281-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.2.1",
                "product": {
                  "name": "Atlassian Bamboo \u003c10.2.1",
                  "product_id": "T041283"
                }
              },
              {
                "category": "product_version",
                "name": "10.2.1",
                "product": {
                  "name": "Atlassian Bamboo 10.2.1",
                  "product_id": "T041283-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:10.2.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.6.10",
                "product": {
                  "name": "Atlassian Bamboo \u003c9.6.10",
                  "product_id": "T041289"
                }
              },
              {
                "category": "product_version",
                "name": "9.6.10",
                "product": {
                  "name": "Atlassian Bamboo 9.6.10",
                  "product_id": "T041289-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:9.6.10"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bamboo"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.4.28",
                "product": {
                  "name": "Atlassian Jira \u003c9.4.28",
                  "product_id": "T041294"
                }
              },
              {
                "category": "product_version",
                "name": "9.4.28",
                "product": {
                  "name": "Atlassian Jira 9.4.28",
                  "product_id": "T041294-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:9.4.28"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.12.15",
                "product": {
                  "name": "Atlassian Jira \u003c9.12.15",
                  "product_id": "T041295"
                }
              },
              {
                "category": "product_version",
                "name": "9.12.15",
                "product": {
                  "name": "Atlassian Jira 9.12.15",
                  "product_id": "T041295-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:9.12.15"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.17.4",
                "product": {
                  "name": "Atlassian Jira \u003c9.17.4",
                  "product_id": "T041296"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.17.4",
                "product": {
                  "name": "Atlassian Jira \u003c9.17.4",
                  "product_id": "T041296-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.1.2",
                "product": {
                  "name": "Atlassian Jira \u003c10.1.2",
                  "product_id": "T041297"
                }
              },
              {
                "category": "product_version",
                "name": "10.1.2",
                "product": {
                  "name": "Atlassian Jira 10.1.2",
                  "product_id": "T041297-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:10.1.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Jira"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-47072",
      "product_status": {
        "known_affected": [
          "1720796",
          "T041281",
          "T041289"
        ]
      },
      "release_date": "2025-02-18T23:00:00.000+00:00",
      "title": "CVE-2024-47072"
    },
    {
      "cve": "CVE-2024-7254",
      "product_status": {
        "known_affected": [
          "T041297",
          "T041296",
          "T041295",
          "T041294",
          "T041281",
          "T041280"
        ]
      },
      "release_date": "2025-02-18T23:00:00.000+00:00",
      "title": "CVE-2024-7254"
    }
  ]
}

CVE-2024-7254 (GCVE-0-2024-7254)

Vulnerability from cvelistv5 – Published: 2024-09-19 00:18 – Updated: 2025-09-08 09:37

Summary

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.

Severity ?

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-400 - Uncontrolled Resource Consumption
CWE-674 - Uncontrolled Recursion

Assigner

Google

References

URL

Tags

https://github.com/protocolbuffers/protobuf/commi…

Impacted products

Vendor

Product

Version

Google

Protocol Buffers

Affected: 0 , < 28.2 (custom)

Google	protobuf-java	Affected: 0 , < 3.25.5 (custom) Affected: 0 , < 4.27.5 (custom) Affected: 0 , < 4.28.2 (custom)
Google	protobuf-javalite	Affected: 0 , < 3.25.5 (custom) Affected: 0 , < 4.27.5 (custom) Affected: 0 , < 4.28.2 (custom)
Google	protobuf-kotlin	Affected: 0 , < 3.25.5 (custom) Affected: 0 , < 4.27.5 (custom) Affected: 0 , < 4.28.2 (custom)
Google	protobuf-kotllin-lite	Affected: 0 , < 3.25.5 (custom) Affected: 0 , < 4.27.5 (custom) Affected: 0 , < 4.28.2 (custom)
Google	google-protobuf [JRuby Gem]	Affected: 0 , < 3.25.5 (custom) Affected: 0 , < 4.27.5 (custom) Affected: 0 , < 4.28.2 (custom)

Credits

Alexis Challande, Trail of Bits Ecosystem Security Team <ecosystem@trailofbits.com>

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:google:protobuf:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "protobuf",
            "vendor": "google",
            "versions": [
              {
                "lessThan": "28.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:google:google-protobuf:*:*:*:*:*:ruby:*:*",
              "cpe:2.3:a:google:protobuf-java:*:*:*:*:*:*:*:*",
              "cpe:2.3:a:google:protobuf-javalite:*:*:*:*:*:*:*:*",
              "cpe:2.3:a:google:protobuf-kotlin:*:*:*:*:*:*:*:*",
              "cpe:2.3:a:google:protobuf-kotlin-lite:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "protobuf-kotlin-lite",
            "vendor": "google",
            "versions": [
              {
                "lessThan": "3.25.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.27.5",
                "status": "affected",
                "version": "4.27",
                "versionType": "custom"
              },
              {
                "lessThan": "4.28.2",
                "status": "affected",
                "version": "4.28",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7254",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T14:29:43.468555Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T14:46:14.517Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-04-19T00:11:07.841Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20241213-0010/"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250418-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Protocol Buffers",
          "repo": "https://github.com/protocolbuffers/protobuf",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "28.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://mvnrepository.com/artifact/com.google.protobuf/protobuf-java",
          "defaultStatus": "unaffected",
          "product": "protobuf-java",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "3.25.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.27.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.28.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "protobuf-javalite",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "3.25.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.27.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.28.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "protobuf-kotlin",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "3.25.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.27.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.28.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "protobuf-kotllin-lite",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "3.25.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.27.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.28.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://rubygems.org/gems/google-protobuf",
          "defaultStatus": "unaffected",
          "product": "google-protobuf [JRuby Gem]",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "3.25.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.27.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.28.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Alexis Challande, Trail of Bits Ecosystem Security Team \u003cecosystem@trailofbits.com\u003e"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAny project that parses untrusted Protocol Buffers data\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;containing an arbitrary number of nested \u003c/span\u003e\u003ccode\u003egroup\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003es / series of \u003c/span\u003e\u003ccode\u003eSGROUP\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;tags can corrupted by exceeding the stack limit i.e. StackOverflow. \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eParsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Any project that parses untrusted Protocol Buffers data\u00a0containing an arbitrary number of nested groups / series of SGROUP\u00a0tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674 Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-08T09:37:53.702Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Stack overflow in Protocol Buffers Java Lite",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2024-7254",
    "datePublished": "2024-09-19T00:18:45.824Z",
    "dateReserved": "2024-07-29T21:41:56.116Z",
    "dateUpdated": "2025-09-08T09:37:53.702Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47072 (GCVE-0-2024-47072)

Vulnerability from cvelistv5 – Published: 2024-11-07 23:38 – Updated: 2025-11-03 22:19

Summary

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. XStream 1.4.21 has been patched to detect the manipulation in the binary input stream causing the the stack overflow and raises an InputManipulationException instead. Users are advised to upgrade. Users unable to upgrade may catch the StackOverflowError in the client code calling XStream if XStream is configured to use the BinaryStreamDriver.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-121 - Stack-based Buffer Overflow
CWE-502 - Deserialization of Untrusted Data

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	x-stream	xstream	Affected: < 1.4.21

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-0400

CVE-2024-7254 (GCVE-0-2024-7254)

CVE-2024-47072 (GCVE-0-2024-47072)

Tags

Sightings

Nomenclature