CVE-2017-14590

3 documents, 3 sources
Severity: 9.1 CRITICAL
EPSS: 0.5% (top 34.54%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Dec 13
Latest update: May 13

Description

Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan that has a non-linked Mercurial repository, create or edit a plan when there is at least one linked Mercurial repository that the attacker has permission to use, or commit to a Mercurial repository used by a Bamboo plan which has branch detection enabled can execute code of their choice on systems that run a

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.3 | Impact: 6.0

Affected Packages (2 packages)

NVD: atlassian/bamboo, from 2.7.0 before 6.1.6 (+1)
CVEListV5: atlassian/bamboo, from 2.7.0 before 6.1.6 (the fixed version for 6.1.x), from 6.2.0 before 6.2.5 (+1)

Patches

Vulnerability Details (2)

GHSA: GHSA-6qp2-wv9g-xq2p: Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters (2022-05-13)
CVEList: CVE-2017-14590: Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters (2017-12-13)