Securing Bamboo against potential SSRF attacks
Attackers may use server-side request forgery (SSRF) vulnerabilities to access or modify data and resources that are not directly accessible from outside of your network.
We've been able to determine the following possible attack vectors against Bamboo:
- The /rest/api/latest/repository/testConnection endpoint allows scanning internal services on the victim's host. This lets an attacker identify services through port enumeration and discover private files through file enumeration.
- A harmful webhook set up by an attacker that allows them to exploit an SSRF vulnerability to scan and read internal files on the victim's host.
If you have any non-public services accessible from the machine hosting your Bamboo instance, we recommend that you enable authentication for those services to protect your network against unauthorized access.
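As an added illustration of the two vectors above (this is example code, not Atlassian's or Bamboo's own), a small Python checker that classifies the URL a request asks Bamboo to contact and flags test-connection calls aimed at internal address space; the record shape, paths and hostnames it audits are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Address space a repository test-connection or webhook target should never
# reach from the Bamboo host: unspecified, RFC 1918, CGNAT, loopback and
# link-local (the latter also covers the 169.254.169.254 cloud metadata address).
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]

# Endpoint from this page that accepts a caller-supplied URL (assumed log form).
WATCHED_PATHS = ("/rest/api/latest/repository/testConnection",)


def is_internal_address(addr_text):
    """True if the literal IP (IPv4-mapped IPv6 unwrapped) is in a blocked range."""
    addr = ipaddress.ip_address(addr_text)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return any(addr in net for net in BLOCKED_NETWORKS)


def classify_target(url, resolver=None):
    """Return 'internal', 'external', 'unresolved' or 'malformed' for a URL.

    resolver(hostname) -> list of IP strings (e.g. built on socket.getaddrinfo,
    which also normalises shorthand such as a decimal IPv4). Without a resolver
    a hostname is reported as 'unresolved' rather than guessed at.
    """
    try:
        host = urlsplit(url).hostname  # strips brackets, userinfo and port
    except ValueError:                 # e.g. unbalanced IPv6 brackets
        return "malformed"
    if not host:
        return "malformed"
    try:
        return "internal" if is_internal_address(host) else "external"
    except ValueError:
        pass  # not a literal IP: DNS is needed to decide
    addrs = resolver(host) if resolver else []
    if not addrs:
        return "unresolved"
    # One internal answer is enough: mixed answers are how rebinding works.
    return "internal" if any(is_internal_address(a) for a in addrs) else "external"


def audit_requests(records, resolver=None):
    """records: (client_ip, request_path, target_url) tuples (constructed shape).
    Returns the records that hit a watched path with an internal target."""
    return [r for r in records
            if r[1] in WATCHED_PATHS and classify_target(r[2], resolver) == "internal"]
```

Hostname-based targets need a real resolver wired in; the check is only as good as the address the request will actually be sent to.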