Bamboo 6.x Remote Code Execution Vulnerability
Bamboo versions prior to 6.0.5, 6.1.4, and 6.2.1 suffer from a code execution vulnerability. Bamboo 6.x Remote Code Execution CVE ID: CVE-2017-9514. Product: Bamboo. Affected Bamboo product versions: 6.0.0 = 6.0.0 but less than 6.0.5 the fixed version for 6.0.x or who have downloaded and installe...
CVE-2017-9514
Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on...
CVE-2017-9514
CVE-2017-9514 affects Atlassian Bamboo. A REST endpoint could parse YAML and did not adequately restrict loaded classes, enabling an authenticated user to execute Java code on vulnerable Bamboo versions. Affected ranges: 6.0.x before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1. Remediation ...