Atlassian Bamboo 5.12.1
Approved changes feed: RSS · Atom
cpe:2.3:a:atlassian:bamboo:5.12.1:*:*:*:*:*:*:*
part: a version: 5.12.1 update: *
| Vendor | Atlassian (8acde0d4-2b83-5bd8-8d3f-60d59e0b022e) |
|---|---|
| Product | Bamboo (57de54a8-839e-59e5-94c6-5bee320af648) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2017-8907 |
vulnerable | 2026-06-03 14:37:40.798570 |
Details available
Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. An attacker who can login to Bamboo as a user without the edit permission for deployment projects is able to use this vulnerability, provided there is an existing plan with a green build, to create a deployment project and execute arbitrary code on an available Bamboo Agent. By default a local agent is enabled; this means that code execution can occur on the system hosting Bamboo as the user running Bamboo.
Published: 2017-06-14T20:00:00.000Z
Updated: 2024-10-16T13:45:59.898Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-5229 |
vulnerable | 2026-06-03 14:35:54.644910 |
Details available
Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization.
Published: 2016-08-02T16:00:00.000Z
Updated: 2024-08-06T00:53:48.695Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.