Arbitrary Code Execution Vulnerability in Bamboo by Atlassian
CVE-2018-5224

8.8HIGH

Key Information:

Vendor
Atlassian
Status
Bamboo
Vendor
CVE Published:
29 March 2018

Summary

An issue in Bamboo allowed improperly validated Mercurial repository URIs, permitting attackers with certain permissions to execute arbitrary code on affected Windows systems. This vulnerability impacts various versions of Bamboo, allowing exploitation through the creation or manipulation of repository configurations.

Affected Version(s)

Bamboo 2.7.1

Bamboo < 6.3.3

Bamboo 6.4.0

References

http://www.securityfocus.com/bid/103653
vdb-entryx_refsource_BID
https://jira.atlassian.com/browse/BAM-19743
x_refsource_CONFIRM
https://confluence.atlassian.com/x/PS9sO
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.