CVE-2016-5229

CVE Database · CVE-2016-5229

CVE-2016-5229

· N/AModified

CVSS v3.1

N/A

EPSS

7.09%

Published

Aug 2, 2016

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization.

Weaknesses (CWE)

CWE-284

Affected Products (4)

atlassian · bamboovulnerable

References (10)

http://packetstormsecurity.com/files/138053/Bamboo-Deserialization-Issue.html

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/539003/100/0/threaded

http://www.securityfocus.com/bid/92057

Third Party AdvisoryVDB Entry

https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-07-20-831660461.html

Vendor Advisory

https://jira.atlassian.com/browse/BAM-17736

Issue Tracking

http://packetstormsecurity.com/files/138053/Bamboo-Deserialization-Issue.html

Third Party AdvisoryVDB Entry

KEV Catalog EPSS Scores Vendors All CVEs