CVE-2018-5224
Severity
8.8HIGH
EPSS
0.9%
top 23.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 29
Latest updateMay 14
Description
Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Mercurial repository, or create a plan in Bamboo either globally or in a project using Bamboo Specs can can execute code of their choice on systems that run a vulnerable version of Bamboo on the Windows operating system. All…
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages2 packages
🔴Vulnerability Details
2GHSA▶
GHSA-5h5c-rh7j-pwpg: Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument param↗2022-05-14
CVEList▶
CVE-2018-5224: Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument param↗2018-03-29