cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2017-8907,https://securityvulnerability.io/vulnerability/CVE-2017-8907,,"Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so.  An attacker who can login to Bamboo as a user without the edit permission for deployment projects is able to use this vulnerability, provided there is an existing plan with a green build, to create a deployment project and execute arbitrary code on an available Bamboo Agent.  By default a local agent is enabled; this means that code execution can occur on the system hosting Bamboo as the user running Bamboo.",Atlassian,Atlassian Bamboo,8.8,HIGH,0.0012000000569969416,false,false,false,false,,false,false,2017-06-14T20:00:00.000Z,0