N/A

Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on systems that have vulnerable versions of Bamboo.

N/A

N/A

Atlassian Bamboo REST端点安全漏洞

Atlassian Bamboo是澳大利亚Atlassian公司的一套持续集成构建工具。该工具可帮助开发团队使用持续交付功能构建、测试、发布和部署项目。REST endpoint是其中的一个REST端点。 Atlassian Bamboo中的REST端点存在安全漏洞，该漏洞源于程序没有充分的限制类的加载。攻击者可利用该漏洞在系统上执行Java代码。以下版本受到影响：Atlassian Bamboo 6.0.5版本，6.1.4之前的6.1.x版本，6.2.1之前的6.2.x版本。

N/A

N/A