Lucene search
K

5 matches found

0day.today
0day.today
added 2018/04/07 12:0 a.m.64 views

Atlassian Bamboo 6.x Code Execution Vulnerability

Atlassian Bamboo versions 2.7.0 through 6.3.2 and 6.4.0 suffer from a code execution vulnerability. This email refers to the advisory found at https://confluence.atlassian.com/x/PS9sO . CVE ID: CVE-2018-5224. Product: Bamboo. Affected Bamboo product versions: 2.7.0 = 2.7.0 but less than 6.3.3 the...

0.8AI score0.02822EPSS
Exploits1
OSV
OSV
added 2018/03/29 1:29 p.m.4 views

CVE-2018-5224

Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Mercurial repository,...

8.8CVSS5.9AI score0.02822EPSS
Exploits1References3
CVE
CVE
added 2018/03/29 1:0 p.m.56 views

CVE-2018-5224

CVE-2018-5224 affects Atlassian Bamboo on Windows. The issue arises from improper handling of Mercurial repository URIs, allowing an attacker with repository/plan permissions to execute arbitrary code on vulnerable Bamboo Windows hosts. Affected versions are Bamboo 2.7.0–6.3.2 and 6.4.0–6.4.1 on ...

9CVSS8.7AI score0.02822EPSS
Exploits1References3Affected Software1
Atlassian
Atlassian
added 2018/03/08 4:18 a.m.166 views

Argument injection through Mercurial repository uri handling on Windows - CVE-2018-5224

Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to do one or more of the following: create a repository in Bamboo edit an existing plan in Bamboo that has a...

9CVSS8.5AI score0.02822EPSS
Exploits1Affected Software1
Atlassian
Atlassian
added 2018/03/08 4:18 a.m.43 views

Argument injection through Mercurial repository uri handling on Windows - CVE-2018-5224

Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to do one or more of the following: create a repository in Bamboo edit an existing plan in Bamboo that has a...

9CVSS3.1AI score0.02822EPSS
Exploits1
Rows per page
Query Builder