Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. An attacker who can login to Bamboo as a user without the edit permission for deployment projects is able to use this vulnerability, provided there is an existing plan with a green build, to create a deployment project and execute arbitrary code on an available Bamboo Agent. By default a local agent is enabled; this means that code execution can occur on the system hosting Bamboo as the user running Bamboo.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Atlassian Bamboo 权限许可和访问控制问题漏洞
Vulnerability Description
Atlassian Bamboo是澳大利亚Atlassian公司的一套持续集成构建工具。该工具可帮助开发团队使用持续交付功能构建、测试、发布和部署项目。 Atlassian Bamboo 5.15.7之前的5.x版本和6.0.1之前的6.x版本中存在安全漏洞。攻击者可利用该漏洞在可用的Bamboo Agent上创建部署项目,执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A