CVE-2015-6576

Опубликовано: 03 окт. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource.

Ссылки

http://packetstormsecurity.com/files/134065/Bamboo-Java-Code-Execution.html
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/536747/100/0/threaded
Third Party Advisory
VDB Entry
https://confluence.atlassian.com/x/Hw7RLg
Vendor Advisory
https://jira.atlassian.com/browse/BAM-16439
Issue Tracking
Vendor Advisory
http://packetstormsecurity.com/files/134065/Bamboo-Java-Code-Execution.html
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/536747/100/0/threaded
Third Party Advisory
VDB Entry
https://confluence.atlassian.com/x/Hw7RLg
Vendor Advisory
https://jira.atlassian.com/browse/BAM-16439
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*

Версия от 2.2 (включая) до 5.8.5 (исключая)

cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*

Версия от 5.9 (включая) до 5.9.7 (исключая)

EPSS

Процентиль: 84%

0.02273

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-wq88-7mxf-ggcp