Remote Code Execution in Atlassian Bitbucket Server due to Browser Editing Feature
CVE-2018-5225
9.9CRITICAL
Summary
A vulnerability in the browser editing feature of Atlassian Bitbucket Server allows authenticated users to execute remote code. This issue arises from improper handling of symbolic links within repositories. Affected versions include those prior to 5.4.8, 5.5.8, 5.6.5, 5.7.3, and 5.8.2, posing a significant security risk for users relying on this functionality.
Affected Version(s)
Bitbucket Server 4.13.0
Bitbucket Server < 5.4.8
Bitbucket Server 5.5.0
References
CVSS V3.1
Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved