CVE-2017-8907
Published Jun 14, 2017
Last updated a month ago
Overview
- Description
- Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. An attacker who can login to Bamboo as a user without the edit permission for deployment projects is able to use this vulnerability, provided there is an existing plan with a green build, to create a deployment project and execute arbitrary code on an available Bamboo Agent. By default a local agent is enabled; this means that code execution can occur on the system hosting Bamboo as the user running Bamboo.
- Source
- security@atlassian.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 3.0
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "087D5B44-B9A5-480C-9DDA-16132A79E2FD"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.0:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BE87C15D-09B8-4B5A-866F-5C2C8A43FB01"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.0:beta2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C2A5DB02-607E-4147-86BD-205BF33C8A18"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.0:beta3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54646B4B-05D3-4628-980D-D77C4AAF87F4"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4BFD6A97-95B8-4536-AA16-713D76CAC446"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D9ACEC08-CD6D-4B8F-8A82-A75F925D130B"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "352DED96-3E03-48EE-9DF2-0DE73E707845"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9A9E2D3C-D744-4730-83C6-CAFA0C41C916"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DA7AC6DD-FE26-4A33-99BC-E3C0B90C1A93"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "95EB3E57-96E8-42EC-95BE-B14770E450C2"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "21BC1141-5BE1-4178-9DD7-B7E3CFA59C82"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E64CB47F-1D9B-4C2F-BA47-713F886F2E73"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E209CB6F-F792-41D9-BC09-41FF771E3659"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "650A769F-762F-431F-A6B4-3F4AD97C3A34"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EEEBC112-E305-4CE6-A935-1D8DBB5A6ED6"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "72284F9F-A0DA-4BED-B2CA-83D525ED4A37"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8FF3C458-CA8A-4128-BE1C-0AF405D4CC0C"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C76C64DA-FAB9-4E72-9F71-088406451285"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.6.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3DF61CCA-0502-4DBB-990A-6F602E947C95"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F0F2F76E-8150-4432-96A8-52C1D88C1784"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0A2F5445-4C2E-49BF-8B5F-B4AACE00CC5E"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "14BAF1A9-0CBF-4B4F-AD8A-7511659D4FA4"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38CC432B-4F6C-48A9-9781-F721D254EBEF"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C4CE881C-9283-45C3-8982-5887C85C1962"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.8.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B4DCD084-030A-4CEB-A16E-765B795E17E1"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.8.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E64A9422-8C57-4AA8-A166-1C287C09BA48"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E44C5F8E-3414-46A8-AC8E-FEF270CBA38E"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.9.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9027FC28-00AA-4556-AA9F-C9EF816DFD78"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.9.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "209C5313-C450-488E-BF5E-531415B8A484"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.9.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F42F8BBF-3FEF-4922-ACEF-89899337F574"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.9.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CF9AAA21-4223-4643-9E39-8DD3FF850B6C"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.9.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F9C45391-347E-4343-8585-58400A219FBB"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.11.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA0783B9-8610-4710-B0D6-50220D72231A"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.12.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E0FA3E09-85DE-48CA-AEC8-ECC5FAA53A5E"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.12.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D6B16FA0-4131-4C34-AEC8-69F1336FC496"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.12.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C8E2EBFD-D17C-4539-93D6-5542FC81BD88"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.12.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "34040BD5-D443-474E-9AD8-6CD4B2F1F31D"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.12.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0FDCCD33-4DB2-4907-A122-D1EE0B41AAC2"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.13.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9EBC89FA-A835-45A8-B37A-90ED9134F7D4"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.13.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "30879C5B-3AC0-46B4-81F5-186ED881840F"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.13.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "49E6287B-03F0-443A-ADCB-D93ED072409C"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.14.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B857798E-7088-40D3-A6EF-9F1D674A7DDE"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.14.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1A330DDD-E507-42C4-B458-F9825059AF53"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.14.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EB54ED38-ABD5-4979-BDB8-0461BA4FE904"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.14.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07E21495-A028-4F71-B21C-FBADF3BA8543"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.14.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "493B321D-0034-4AED-8270-3055470BFA77"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.14.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DBFD20A5-B693-4801-9662-79FD68D26FDA"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.15.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "888DEC36-D4F3-403B-A2F8-83B3AF307934"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.15.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87A11F1D-704A-4FE8-98A6-F1880E20B8A7"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.15.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7CB66A4E-79FD-4793-9218-65A3472ED517"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.15.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D505A45B-431C-4C5A-B6FC-96C32D31FB33"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:5.15.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E03895CD-67B9-4F3C-A4C5-9DBED3AF3014"
},
{
"criteria": "cpe:2.3:a:atlassian:bamboo:6.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1DACC3EE-5898-457C-B9FE-DCBA2634DE4F"
}
],
"operator": "OR"
}
]
}
]