CVE-2018-5225

Summary

In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.

Affected Software

VendorProductVersion RangeStatus
AtlassianBitbucket Server4.13.0 < unspecifiedaffected
AtlassianBitbucket Serverunspecified < 5.4.8affected
AtlassianBitbucket Server5.5.0 < unspecifiedaffected
AtlassianBitbucket Serverunspecified < 5.5.8affected
AtlassianBitbucket Server5.6.0 < unspecifiedaffected
AtlassianBitbucket Serverunspecified < 5.6.5affected
AtlassianBitbucket Server5.7.0 < unspecifiedaffected
AtlassianBitbucket Serverunspecified < 5.7.3affected
AtlassianBitbucket Server5.8.0 < unspecifiedaffected
AtlassianBitbucket Serverunspecified < 5.8.2affected

Weaknesses

  • n/a

ADP Enrichment

CVE Program Container

Additional References

References