3 matches found
CVE-2017-14590
CVE-2017-14590 affects Atlassian Bamboo. The issue arises when Bamboo does not validate that a Mercurial branch name contains argument parameters, enabling an attacker with permissions to create/edit repositories or plans, or commit to a Mercurial repo used by a plan with branch detection, to exe...
Argument injection in Mercurial repository handling - CVE-2017-14590
Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to do one or more of the following: create a repository in Bamboo edit an existing plan in Bamboo that has a non-linked Mercurial repository create or edit a plan...
Argument injection in Mercurial repository handling - CVE-2017-14590
Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to do one or more of the following: create a repository in Bamboo edit an existing plan in Bamboo that has a non-linked Mercurial repository create or edit a plan...