CVE-2020-36233

Summary

The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.

Affected Software

VendorProductVersion RangeStatus
AtlassianBitbucket Serverunspecified < 6.10.9affected
AtlassianBitbucket Server7.0.0 < unspecifiedaffected
AtlassianBitbucket Serverunspecified < 7.6.4affected
AtlassianBitbucket Server7.7.0 < unspecifiedaffected
AtlassianBitbucket Serverunspecified < 7.10.1affected
AtlassianBitbucket Data Centerunspecified < 6.10.9affected
AtlassianBitbucket Data Center7.0.0 < unspecifiedaffected
AtlassianBitbucket Data Centerunspecified < 7.6.4affected
AtlassianBitbucket Data Center7.7.0 < unspecifiedaffected
AtlassianBitbucket Data Centerunspecified < 7.10.1affected

Weaknesses

  • Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CVE Program Container

Additional References

References