Bamboo prior to 6.0.5, 6.1.x prior to 6.1.4, and 6.2.x prior to 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on systems that have vulnerable versions of Bamboo.
Vulnerable Product |
---|
atlassian bamboo 6.0.4 |
atlassian bamboo 6.2.0 |
atlassian bamboo 6.1.0 |
atlassian bamboo 6.1.1 |
atlassian bamboo 6.0.1 |
atlassian bamboo 6.0.3 |
atlassian bamboo 6.0.0 |
atlassian bamboo 6.0.2 |
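
For triaging an inventory against the ranges in the description ("prior to 6.0.5, 6.1.x prior to 6.1.4, and 6.2.x prior to 6.2.1"), the following is an added example, not code from Atlassian or Vulmon. The host names and version strings in the sample inventory are constructed, and the function names are hypothetical.

```python
import re

# Fixed releases per branch, taken from the advisory text:
# "prior to 6.0.5, 6.1.x prior to 6.1.4, and 6.2.x prior to 6.2.1".
FIXED_6_0 = (6, 0, 5)
FIXED_BY_BRANCH = {(6, 1): (6, 1, 4), (6, 2): (6, 2, 1)}


def parse_version(text):
    """Return (major, minor, patch) from a string such as '6.1.3' or 'Bamboo 6.0.4'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def is_affected(text):
    """True if the version falls in a range the advisory lists as vulnerable."""
    v = parse_version(text)
    if v < FIXED_6_0:                  # everything before 6.0.5, older majors included
        return True
    fixed = FIXED_BY_BRANCH.get(v[:2])
    if fixed is not None:              # 6.1.x and 6.2.x have their own fix releases
        return v < fixed
    return False                       # 6.0.5 and later 6.0.x, 6.3 and up: not listed


def triage(inventory):
    """Map host -> 'affected' / 'not affected' / 'unknown' for an inventory dict."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "not affected"
        except ValueError:
            result[host] = "unknown"   # unparseable version string: check by hand
    return result


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = {
    "ci-01.example.internal": "6.0.4",
    "ci-02.example.internal": "Atlassian Bamboo 6.1.4",
    "ci-03.example.internal": "6.2.0",
    "ci-04.example.internal": "5.15.7",
    "ci-05.example.internal": "unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` had no parseable version string and need a manual check rather than being treated as safe.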