First published: Thu Oct 12 2017
Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on systems that have vulnerable versions of Bamboo.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Bamboo | =6.0.0 | Upgrade to 6.0.5 or later |
| Atlassian Bamboo | =6.0.1 | Upgrade to 6.0.5 or later |
| Atlassian Bamboo | =6.0.2 | Upgrade to 6.0.5 or later |
| Atlassian Bamboo | =6.0.3 | Upgrade to 6.0.5 or later |
| Atlassian Bamboo | =6.0.4 | Upgrade to 6.0.5 or later |
| Atlassian Bamboo | =6.1.0 | Upgrade to 6.1.4 or later |
| Atlassian Bamboo | =6.1.1 | Upgrade to 6.1.4 or later |
| Atlassian Bamboo | =6.1.2 | Upgrade to 6.1.4 or later |
| Atlassian Bamboo | =6.1.3 | Upgrade to 6.1.4 or later |
| Atlassian Bamboo | =6.2.0 | Upgrade to 6.2.1 or later |
The severity of CVE-2017-9514 is rated high with a CVSS score of 8.8.
To fix CVE-2017-9514, upgrade Bamboo to 6.0.5 or later, to 6.1.4 or later, or to 6.2.1 or later, whichever fixed release matches your branch.
CVE-2017-9514 affects Atlassian Bamboo versions 6.0.0 through 6.0.4, 6.1.0 through 6.1.3, and 6.2.0.
CVE-2017-9514 is an unsafe deserialization flaw: a REST endpoint parsed a YAML document without restricting which Java classes the document could name, so a tagged YAML value could make the server instantiate an attacker-chosen class. Because of this, any attacker who can log in to Bamboo as a user can execute arbitrary Java code on the server with the privileges of the Bamboo process.
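The class-loading behaviour behind this advisory, as an added example that is not code from Bamboo or from Atlassian. The advisory does not name the YAML library; SnakeYAML 1.x is assumed here because its default `Yaml()` honours `!!fully.qualified.ClassName` tags, and the `UNTRUSTED` document is a constructed input that names a harmless class (`java.io.File`) only to show that whatever class the tag names gets instantiated. The hardened form uses `SafeConstructor`, which only builds the core YAML types and rejects global tags.

```java
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public class YamlClassLoadingDemo {

    // Constructed input (not from the advisory): a global tag naming an
    // arbitrary JVM class, with a sequence that SnakeYAML maps onto a
    // public constructor of that class. java.io.File(String) is used so the
    // demo stays harmless; any class on the server classpath could be named.
    static final String UNTRUSTED = "!!java.io.File [\"/tmp/demo\"]";

    // Vulnerable pattern: new Yaml() uses the full Constructor, which
    // resolves !!pkg.Class tags to classes and instantiates them.
    static Object parseUnrestricted(String yamlText) {
        return new Yaml().load(yamlText);
    }

    // Hardened pattern: SafeConstructor knows only maps, sequences, strings,
    // numbers, booleans, timestamps and null. An unknown global tag raises
    // a ConstructorException (a YAMLException) instead of loading a class.
    static Object parseSafe(String yamlText) {
        return new Yaml(new SafeConstructor()).load(yamlText);
    }

    // Returns the name of the class the unrestricted parser produced, so a
    // caller can see that the tag, not the application, picked the type.
    static String classProducedByUnrestrictedParse(String yamlText) {
        Object value = parseUnrestricted(yamlText);
        return value == null ? "null" : value.getClass().getName();
    }

    // Returns true when the safe parser refused the document.
    static boolean safeParserRejects(String yamlText) {
        try {
            parseSafe(yamlText);
            return false;
        } catch (YAMLException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        // Expected on SnakeYAML 1.x: "java.io.File" for the first line,
        // "true" for the second.
        System.out.println("unrestricted parser built: "
                + classProducedByUnrestrictedParse(UNTRUSTED));
        System.out.println("safe parser rejected it: "
                + safeParserRejects(UNTRUSTED));
    }
}
```

Two caveats for anyone auditing a YAML endpoint. First, binding the root to an expected type with `new Constructor(MyType.class)` is not a fix on its own in SnakeYAML 1.x: an explicit `!!` tag on a nested value still overrides the declared property type, so the untrusted document can still name a class. `SafeConstructor`, or a custom constructor with an explicit allow-list of tags, is the pattern to look for. Second, SnakeYAML 2.x changed the API (the constructors take a `LoaderOptions` argument and `new Yaml()` rejects global tags by default), so the "vulnerable" half of this example only reproduces on 1.x; the fixed Bamboo releases named above are the remediation for this CVE regardless of which library version the product bundles.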