Our bamboo was hacked today, and this is something you want to avoid at all costs. Ensuring that your atlassian stack is up to date at all times is essential to avoid unpleasant surprises. Always upgrade your atlassian stack.
We have a saying here in Belgium – ‘Bakers always eat old bread’ … because all the new bread is sold to customers. The same applies to us – we didn’t upgrade our own atlassian stack in time as we are busy helping our clients.
The consequence … our bamboo was vulnerable for a remote code execution attack – a Struts2 Exploit. (More information here)
Luckily this hack was performed by a ‘ethical hacker’ who was so nice to tell about his (or her) activity and prove it with a couple of screenshots of internal directories.
One can imagine that much worse could have been done, and still it is not a pleasant surprise.
We immediately stopped our bamboo, scanned the machine for any additional hacks, and upgraded bamboo to the latest version.
It took less than an hour to go through these steps. Together with a more secure system, we do have now the latest version of Bamboo running.
We learned following lessons
- It can happen to anyone – including your own organisation
- Monitor the security advisories sent out by Atlassian
Check details Security Advisory Publishing. You can adapt your email settings such that you get notified whenever a security advisory is sent.
- Upgrade your environment from the moment such security advisory is sent out.
There are many ways to ensure your environment is easy to upgrade. We are using docker for this purpose.
Thanks for the ethical hacker to draw our attention to this vulnerability.