cpe:/a:atlassian:bamboo:6.0.0 cpe:/a:atlassian:bamboo:6.0.1 cpe:/a:atlassian:bamboo:6.0.2 cpe:/a:atlassian:bamboo:6.0.3 cpe:/a:atlassian:bamboo:6.0.4 cpe:/a:atlassian:bamboo:6.1.0 cpe:/a:atlassian:bamboo:6.1.1 cpe:/a:atlassian:bamboo:6.2.0 CVE-2017-9514 2017-10-12T09:29:00.200-04:00 2019-10-02T20:03:26.223-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2017-10-23T14:30:29.920-04:00 BID 101269 CONFIRM https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2017-10-11-938843921.html Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on systems that have vulnerable versions of Bamboo.