PT-2017-13566 · Atlassian · Bamboo

Zhang Tianqi · Published 2017-12-13 · Updated 2019-10-03 · CVE-2017-14590

CVSS v3.1 · 9.1 · Critical

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Bamboo versions 2.7.0 through 6.1.5
Bamboo versions 6.2.0 through 6.2.4

Description

The issue allows an attacker with specific permissions to execute code of their choice on systems running a vulnerable version of Bamboo Server. This can be achieved by creating a repository, editing a plan, or committing to a Mercurial repository used by a Bamboo plan with branch detection enabled, if the attacker has permission to use the repository.

Recommendations

For Bamboo versions 2.7.0 through 6.1.5, update to version 6.1.6 or later. For Bamboo versions 6.2.0 through 6.2.4, update to version 6.2.5 or later.

Fix

Related Identifiers

CVE-2017-14590

Affected Products

Bamboo