Lucene search
AtlassianCVELIST:CVE-2017-8907HistoryJun 14, 2017 - 8:00 p.m.
CVE-2017-8907
2017-06-1420:00:00
atlassian
www.cve.org
0.001 Low
EPSS
Percentile
45.5%
Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. An attacker who can login to Bamboo as a user without the edit permission for deployment projects is able to use this vulnerability, provided there is an existing plan with a green build, to create a deployment project and execute arbitrary code on an available Bamboo Agent. By default a local agent is enabled; this means that code execution can occur on the system hosting Bamboo as the user running Bamboo.
CNA Affected
[
{
"product": "Atlassian Bamboo",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "5.0.0 <= version < 5.15.7"
},
{
"status": "affected",
"version": "6.0.0 <= version < 6.0.1"
}
]
}
]Related
atlassian
atlassian
Incorrect permission check for deployment projects (CVE-2017-8907)
2017-05-23 04:07:36
Incorrect permission check for deployment projects (CVE-2017-8907)
2017-05-23 04:07:36
nessus
nessus
Atlassian Bamboo 5.x < 5.15.7 / 6.0.x < 6.0.1 Incorrect Permission Check RCE
2017-06-23 00:00:00
nvd
nvd
CVE-2017-8907
2017-06-14 20:29:00
openvas
openvas
Atlassian Bamboo RCE Vulnerability
2017-06-16 00:00:00
cve
cve
CVE-2017-8907
2017-06-14 20:29:00
prion
prion
Design/Logic Flaw
2017-06-14 20:29:00