CVE-2017-9514

Name of the Vulnerable Software and Affected Versions Bamboo versions prior to 6.0.5 Bamboo versions 6.1.x prior to 6.1.4 Bamboo versions 6.2.x prior to 6.2.1

Description The issue concerns a REST endpoint that parses a YAML file but does not sufficiently restrict which classes can be loaded. An attacker with login credentials to Bamboo can exploit this to execute Java code of their choice on systems running vulnerable versions of Bamboo.

Recommendations For versions prior to 6.0.5, update to version 6.0.5 or later. For versions 6.1.x prior to 6.1.4, update to version 6.1.4 or later. For versions 6.2.x prior to 6.2.1, update to version 6.2.1 or later.