Vulnerability Details CVE-2017-9514
Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on systems that have vulnerable versions of Bamboo.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
Products affected by CVE-2017-9514
- cpe:2.3:a:atlassian:bamboo:6.0.0
- cpe:2.3:a:atlassian:bamboo:6.0.1
- cpe:2.3:a:atlassian:bamboo:6.0.2
- cpe:2.3:a:atlassian:bamboo:6.0.3
- cpe:2.3:a:atlassian:bamboo:6.0.4
- cpe:2.3:a:atlassian:bamboo:6.1.0
- cpe:2.3:a:atlassian:bamboo:6.1.1
- cpe:2.3:a:atlassian:bamboo:6.2.0