5 matches found
Atlassian Bamboo 6.x Code Execution Vulnerability
Atlassian Bamboo versions 2.7.0 through 6.3.2 and 6.4.0 suffer from a code execution vulnerability. This email refers to the advisory found at https://confluence.atlassian.com/x/PS9sO . CVE ID: CVE-2018-5224. Product: Bamboo. Affected Bamboo product versions: 2.7.0 = 2.7.0 but less than 6.3.3 the...
CVE-2018-5224
Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Mercurial repository,...
CVE-2018-5224
CVE-2018-5224 affects Atlassian Bamboo on Windows. The issue arises from improper handling of Mercurial repository URIs, allowing an attacker with repository/plan permissions to execute arbitrary code on vulnerable Bamboo Windows hosts. Affected versions are Bamboo 2.7.0–6.3.2 and 6.4.0–6.4.1 on ...
Argument injection through Mercurial repository uri handling on Windows - CVE-2018-5224
Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to do one or more of the following: create a repository in Bamboo edit an existing plan in Bamboo that has a...
Argument injection through Mercurial repository uri handling on Windows - CVE-2018-5224
Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to do one or more of the following: create a repository in Bamboo edit an existing plan in Bamboo that has a...