During an internal review Adaptavist found a security vulnerability in ScriptRunner for Bamboo. According to Atlassian's security severity levels this vulnerability is classified as critical. All versions of ScriptRunner for Bamboo are affected.
We strongly recommend customers update at their earliest opportunity to patch this vulnerability.
How to fix the vulnerability
This vulnerability can be fixed by upgrading ScriptRunner for Bamboo. Full instructions on how to upgrade an app can be found on Atlassian's support page. Updates are available for all affected versions.
Further details will be released in due course as part of Adaptavist's commitment to responsible disclosure. Adaptavist is committed to providing powerful and secure apps for Atlassian products and we are unaware of any instances of this vulnerability being exploited across our customer base. If you have urgent questions please contact our support team.