CVE-2017-8907

{"id": "CVE-2017-8907", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2017-06-14T20:29:00.140", "references": [{"url": "http://www.securityfocus.com/bid/99090", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@atlassian.com"}, {"url": "https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2017-06-14-907283498.html", "tags": ["Vendor Advisory"], "source": "security@atlassian.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. An attacker who can login to Bamboo as a user without the edit permission for deployment projects is able to use this vulnerability, provided there is an existing plan with a green build, to create a deployment project and execute arbitrary code on an available Bamboo Agent. By default a local agent is enabled; this means that code execution can occur on the system hosting Bamboo as the user running Bamboo."}, {"lang": "es", "value": "Atlassian Bamboo, en versiones 5.x anteriores a la 5.15.7 y versiones 6.x anteriores a la 6.0.1, no comprob\u00f3 correctamente si un usuario que crea un proyecto de despliegue ten\u00eda el permiso de edici\u00f3n y, por lo tanto, los derechos para hacerlo. Un atacante que pueda iniciar sesi\u00f3n en Bamboo como usuario sin el permiso de edici\u00f3n para proyectos de despliegue puede emplear esta vulnerabilidad, siempre y cuando exista un plan con un \"green build\" para crear un proyecto de despliegue y ejecute c\u00f3digo arbitrario en un agente Bamboo disponible. Por defecto, un agente local est\u00e1 habilitado."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:bamboo:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "087D5B44-B9A5-480C-9DDA-16132A79E2FD"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE87C15D-09B8-4B5A-866F-5C2C8A43FB01"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2A5DB02-607E-4147-86BD-205BF33C8A18"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54646B4B-05D3-4628-980D-D77C4AAF87F4"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BFD6A97-95B8-4536-AA16-713D76CAC446"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9ACEC08-CD6D-4B8F-8A82-A75F925D130B"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "352DED96-3E03-48EE-9DF2-0DE73E707845"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A9E2D3C-D744-4730-83C6-CAFA0C41C916"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA7AC6DD-FE26-4A33-99BC-E3C0B90C1A93"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95EB3E57-96E8-42EC-95BE-B14770E450C2"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21BC1141-5BE1-4178-9DD7-B7E3CFA59C82"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E64CB47F-1D9B-4C2F-BA47-713F886F2E73"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E209CB6F-F792-41D9-BC09-41FF771E3659"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "650A769F-762F-431F-A6B4-3F4AD97C3A34"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEEBC112-E305-4CE6-A935-1D8DBB5A6ED6"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72284F9F-A0DA-4BED-B2CA-83D525ED4A37"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FF3C458-CA8A-4128-BE1C-0AF405D4CC0C"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C76C64DA-FAB9-4E72-9F71-088406451285"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DF61CCA-0502-4DBB-990A-6F602E947C95"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0F2F76E-8150-4432-96A8-52C1D88C1784"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A2F5445-4C2E-49BF-8B5F-B4AACE00CC5E"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14BAF1A9-0CBF-4B4F-AD8A-7511659D4FA4"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38CC432B-4F6C-48A9-9781-F721D254EBEF"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4CE881C-9283-45C3-8982-5887C85C1962"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4DCD084-030A-4CEB-A16E-765B795E17E1"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E64A9422-8C57-4AA8-A166-1C287C09BA48"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E44C5F8E-3414-46A8-AC8E-FEF270CBA38E"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9027FC28-00AA-4556-AA9F-C9EF816DFD78"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "209C5313-C450-488E-BF5E-531415B8A484"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.9.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F42F8BBF-3FEF-4922-ACEF-89899337F574"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF9AAA21-4223-4643-9E39-8DD3FF850B6C"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.9.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9C45391-347E-4343-8585-58400A219FBB"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.11.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA0783B9-8610-4710-B0D6-50220D72231A"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0FA3E09-85DE-48CA-AEC8-ECC5FAA53A5E"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6B16FA0-4131-4C34-AEC8-69F1336FC496"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.12.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8E2EBFD-D17C-4539-93D6-5542FC81BD88"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.12.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34040BD5-D443-474E-9AD8-6CD4B2F1F31D"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.12.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FDCCD33-4DB2-4907-A122-D1EE0B41AAC2"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.13.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EBC89FA-A835-45A8-B37A-90ED9134F7D4"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.13.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30879C5B-3AC0-46B4-81F5-186ED881840F"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49E6287B-03F0-443A-ADCB-D93ED072409C"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B857798E-7088-40D3-A6EF-9F1D674A7DDE"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.14.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A330DDD-E507-42C4-B458-F9825059AF53"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.14.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB54ED38-ABD5-4979-BDB8-0461BA4FE904"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.14.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07E21495-A028-4F71-B21C-FBADF3BA8543"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.14.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "493B321D-0034-4AED-8270-3055470BFA77"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.14.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBFD20A5-B693-4801-9662-79FD68D26FDA"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "888DEC36-D4F3-403B-A2F8-83B3AF307934"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.15.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87A11F1D-704A-4FE8-98A6-F1880E20B8A7"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.15.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CB66A4E-79FD-4793-9218-65A3472ED517"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.15.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D505A45B-431C-4C5A-B6FC-96C32D31FB33"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:5.15.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E03895CD-67B9-4F3C-A4C5-9DBED3AF3014"}, {"criteria": "cpe:2.3:a:atlassian:bamboo:6.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DACC3EE-5898-457C-B9FE-DCBA2634DE4F"}], "operator": "OR"}]}], "sourceIdentifier": "security@atlassian.com"}