CVE-2024-21689 PoC: Atlassian Bamboo Security Vulnerability

Source
Associated Vulnerability
Title: Atlassian Bamboo Security Vulnerability (CVE-2024-21689)
Description: This high-severity RCE (Remote Code Execution) vulnerability, CVE-2024-21689, was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0 and 9.6.0 of Bamboo Data Center and Server. With a CVSS score of 7.6, it allows an authenticated attacker to execute arbitrary code, with high impact on confidentiality, integrity and availability, and requires user interaction. Atlassian recommends that Bamboo Data Center and Server customers upgrade to the latest version; if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bamboo Data Center and Server 9.2: upgrade to a release greater than or equal to 9.2.17; Bamboo Data Center and Server 9.6: upgrade to a release greater than or equal to 9.6.5. See the release notes (https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html). You can download the latest version of Bamboo Data Center and Server from the download center (https://www.atlassian.com/software/bamboo/download-archives). This vulnerability was reported via our Bug Bounty program.
Description
CVE-2024-21689 RCE Bamboo Data Center and Server Atlassian POC
Readme
# CVE-2024-21689 RCE Bamboo Data Center and Server Atlassian

## CVSS Score - 7.6 🔥

## Description
This high-severity RCE (Remote Code Execution) vulnerability, CVE-2024-21689, was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0 and 9.6.0 of Bamboo Data Center and Server. With a CVSS score of 7.6, it allows an authenticated attacker to execute arbitrary code, with high impact on confidentiality, integrity and availability, and requires user interaction.
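Before running any PoC against an instance, a practitioner wants to know whether the target version is in scope at all. The following Python triage helper is an added example, not code from this PoC repository or from Atlassian: it maps a Bamboo version banner onto the affected and fixed versions quoted in the advisory text above (introduced in 9.1.0 through 9.6.0; fixed in 9.2.17+ and 9.6.5+; otherwise "upgrade to latest"). The function names, the verdict labels, the "not-listed" handling of versions outside the advisory's enumerated lines and the sample inventory are assumptions constructed for illustration.

```python
# Added triage helper (not part of the PoC repository or of Atlassian's tooling).
# Version boundaries come from the CVE-2024-21689 advisory text on this page:
#   introduced in Bamboo 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0 and 9.6.0
#   fixed in 9.2.17+ (9.2 line) and 9.6.5+ (9.6 line); otherwise "upgrade to latest".
# Function names, verdict labels and the sample inventory below are assumptions.
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Feature-release lines the advisory names as introducing the bug (all 9.x).
AFFECTED_MINORS = {1, 2, 3, 4, 5, 6}
# Fixed releases the advisory names, keyed by minor version.
FIXED_IN_LINE: Dict[int, Version] = {2: (9, 2, 17), 6: (9, 6, 5)}


def parse_version(text: str) -> Optional[Version]:
    """Pull the first major.minor.patch triple out of strings such as
    'Bamboo 9.2.16', '9.6.5-LTS' or 'version=9.4.3'; None if absent.
    The look-arounds stop a four-part string like 1.2.3.4 from matching."""
    m = re.search(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?![\d.])", text)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def assess(text: str) -> str:
    """Return one of: unknown, not-listed, vulnerable,
    vulnerable-no-fix-in-line, fixed."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    major, minor, _ = v
    if major != 9 or minor not in AFFECTED_MINORS:
        # Outside the release lines the advisory enumerates (e.g. 9.0.x or 10.x).
        return "not-listed"
    fixed = FIXED_IN_LINE.get(minor)
    if fixed is None:
        # 9.1, 9.3, 9.4 and 9.5: the advisory names no fixed release in these
        # lines; its only remediation is moving to a supported fixed line.
        return "vulnerable-no-fix-in-line"
    return "fixed" if v >= fixed else "vulnerable"


# Constructed sample inventory: "<host> <version banner>" per line (not real hosts).
SAMPLE_INVENTORY = """\
bamboo-prod-1 Bamboo 9.2.16
bamboo-prod-2 Bamboo 9.2.17
bamboo-lts    9.6.5-LTS
bamboo-dev    version=9.4.3
bamboo-old    Bamboo 9.0.3
bamboo-new    Bamboo 10.0.1
bamboo-bad    banner unavailable
"""


def triage_inventory(inventory: str) -> Dict[str, str]:
    """Map each inventory host to its verdict; the first token is the host name."""
    verdicts: Dict[str, str] = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, banner = line.partition(" ")
        verdicts[host] = assess(banner)
    return verdicts


if __name__ == "__main__":
    for host, verdict in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:14s} {verdict}")
```

The "vulnerable-no-fix-in-line" verdict is deliberately separate from "vulnerable": for a 9.3.x, 9.4.x or 9.5.x instance there is no patch release to pick up, only a move to a supported line, which is a different remediation ticket.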

### Running the Script

- **Single URL Mode**:
  ```bash
  python3 exploit.py -u http://<target-ip>:8090 -c "whoami"
  ```
- **File Mode** (for multiple IPs):
  ```bash
  python3 exploit.py -f ips.txt -c "whoami"
  ```
- **Interactive Shell Mode**:
  ```bash
  python3 exploit.py -u http://<target-ip>:8090 --shell
  ```
- **Nuclei** (`-t` selects the template, `-l` reads one target URL per line):
  ```bash
  nuclei -t exploit.yaml -l file.txt
  ```

## Contact

Contact me via Tox: 6FDB3C4D5E6F7G8H9I0J1K2L3M4N5O6P7Q8R9S0TQDQ2
File Snapshot

```text
[4.0K] /data/pocs/20f3ebf2f69226cd78ea6992c01efb848839477e
├── [  90] exploit.txt
└── [1011] README.md

0 directories, 2 files
```

Note that the snapshot lists only a 90-byte `exploit.txt` and `README.md`; the `exploit.py` and `exploit.yaml` that the README's usage section refers to do not appear in this listing.