PT-2017-13565 · Apache+1 · Freemarker+2

Sebastian Perez · Published 2017-12-13 · Updated 2018-01-10 · CVE-2017-14589

CVSS v3.1: 9.6 (Critical)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Bamboo versions prior to 6.1.6
Bamboo versions 6.2.0 through 6.2.4

Description
The issue allows for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags. An attacker with restricted administration rights to Bamboo, or who hosts a website visited by a Bamboo administrator, can exploit this to execute Java code of their choice on systems running a vulnerable version of Bamboo.

Recommendations
For Bamboo versions prior to 6.1.6, update to version 6.1.6 or later.
For Bamboo versions 6.2.0 through 6.2.4, update to version 6.2.5 or later.
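The two affected ranges above are easy to misjudge when versions are compared as strings (for example, "6.1.10" sorts before "6.1.6" lexically but is a fixed release). The following is an added example, not part of the advisory, that encodes the advisory's ranges as numeric tuples and reports whether a given Bamboo version is affected and which fixed release applies. It assumes Bamboo version strings follow a major.minor.patch form; any trailing suffix is ignored.

```python
"""Added example (not part of PT-2017-13565): version-range check for the
Bamboo releases the advisory lists as affected."""
import re

# Ranges taken from the advisory, as [lower inclusive, upper exclusive):
# "prior to 6.1.6" and "6.2.0 through 6.2.4" (fixed in 6.2.5).
AFFECTED_RANGES = (
    ((0, 0, 0), (6, 1, 6)),
    ((6, 2, 0), (6, 2, 5)),
)


def parse_version(text):
    """Parse 'major.minor[.patch]' into an int tuple; a missing patch is 0.

    Assumption: Bamboo uses dotted numeric versions; suffixes such as
    '-SNAPSHOT' or build metadata after the patch number are ignored.
    """
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version):
    """True if the version falls inside one of the advisory's affected ranges."""
    v = parse_version(version)
    # Tuple comparison is numeric per component, so 6.1.10 > 6.1.6 as intended.
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def recommended_fix(version):
    """Minimum fixed release per the advisory, or None if not affected."""
    v = parse_version(version)
    if v < (6, 1, 6):
        return "6.1.6"
    if (6, 2, 0) <= v < (6, 2, 5):
        return "6.2.5"
    return None


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, ver in (("build-01", "6.1.5"), ("build-02", "6.1.10"),
                      ("build-03", "6.2.4"), ("build-04", "6.3.0")):
        fix = recommended_fix(ver)
        status = f"AFFECTED, update to {fix}" if fix else "not affected"
        print(f"{host}: Bamboo {ver} -> {status}")
```

Feed it the versions from an asset inventory; anything reported as affected is in scope for the update the Recommendations section prescribes.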

Fix · RCE


Weakness Enumeration

Related Identifiers

CVE-2017-14589

Affected Products

Bamboo
Freemarker
Struts