Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-19743

Argument injection through Mercurial repository uri handling on Windows - CVE-2018-5224

      Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to do one or more of the following:

      • create a repository in Bamboo
      • edit an existing plan in Bamboo that has a non-linked Mercurial repository
      • create a plan in Bamboo either globally or in a project using Bamboo Specs

      can execute code of their choice on systems that run a vulnerable version of Bamboo on the Windows operating system.

       

      Affected versions:

      • All versions of Bamboo starting with 2.7.0 before 6.3.3 (the fixed version for 6.3.x) and from version 6.4.0 before 6.4.1 (the fixed version for 6.4.x) running on the Windows operating system are affected by this vulnerability.

      Fix:

      Acknowledgements
      Atlassian would like to credit Zhang Tianqi @ Tophant for reporting this issue to us.

      For additional details see the full advisory.

            [BAM-19743] Argument injection through Mercurial repository uri handling on Windows - CVE-2018-5224

            This is an independent assessment and you should evaluate its applicability to your own IT environment.

            CVSS v3 score: 9.1 => Critical severity

            Exploitability Metrics

            Attack Vector Network
            Attack Complexity Low
            Privileges Required High
            User Interaction None

            Scope Metric

            Scope Changed

            Impact Metrics

            Confidentiality High
            Integrity High
            Availability High

            https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

            David Black added a comment - This is an independent assessment and you should evaluate its applicability to your own IT environment. CVSS v3 score: 9.1 => Critical severity Exploitability Metrics Attack Vector Network Attack Complexity Low Privileges Required High User Interaction None Scope Metric Scope Changed Impact Metrics Confidentiality High Integrity High Availability High https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

              Unassigned Unassigned
              dblack David Black
              Affected customers:
              0 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: