CVE-2018-5225
N/A
N/A
Summary
In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Atlassian | Bitbucket Server | 4.13.0 < unspecified | affected |
| Atlassian | Bitbucket Server | unspecified < 5.4.8 | affected |
| Atlassian | Bitbucket Server | 5.5.0 < unspecified | affected |
| Atlassian | Bitbucket Server | unspecified < 5.5.8 | affected |
| Atlassian | Bitbucket Server | 5.6.0 < unspecified | affected |
| Atlassian | Bitbucket Server | unspecified < 5.6.5 | affected |
| Atlassian | Bitbucket Server | 5.7.0 < unspecified | affected |
| Atlassian | Bitbucket Server | unspecified < 5.7.3 | affected |
| Atlassian | Bitbucket Server | 5.8.0 < unspecified | affected |
| Atlassian | Bitbucket Server | unspecified < 5.8.2 | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://jira.atlassian.com/browse/BSERV-10684
- http://www.securityfocus.com/bid/103488
- https://confluence.atlassian.com/x/3WNsO
References
- https://jira.atlassian.com/browse/BSERV-10684
- http://www.securityfocus.com/bid/103488
- https://confluence.atlassian.com/x/3WNsO
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.