Overview
- Description
- In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.
- Source
- security@atlassian.com
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 9.9
- Impact score
- 6
- Exploitability score
- 3.1
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-59
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DBD82B36-AC2E-4658-AF54-08AD80ADC204",
"versionEndExcluding": "5.4.8",
"versionStartIncluding": "4.13.0"
},
{
"criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5851BBBD-A981-4EDF-908D-26777D56BC28",
"versionEndExcluding": "5.5.8",
"versionStartExcluding": "5.5.0"
},
{
"criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C297270E-797B-41F7-8C38-6CBE70F5F576",
"versionEndExcluding": "5.6.5",
"versionStartIncluding": "5.6.0"
},
{
"criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DEEE37C3-D9F9-45C6-BB6F-FF1D4BDC7753",
"versionEndExcluding": "5.7.3",
"versionStartIncluding": "5.7.0"
},
{
"criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B61465FD-C06C-48A7-BF01-5AAA5C690546",
"versionEndExcluding": "5.8.2",
"versionStartIncluding": "5.8.0"
}
],
"operator": "OR"
}
]
}
]