The host is installed with Bamboo CI server 2.4.0 before 2.5.2 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle an issue in the SAML Single Sign On plugin. Successful exploitation could allow locally disabled users to reactivate their accounts just by browsing the affected instance.