In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Atlassian

Bitbucket Server

Affected Versions:

4.13.0 unspecified 5.5.0 unspecified 5.6.0 unspecified 5.7.0 unspecified 5.8.0 unspecified

References

https://jira.atlassian.com/browse/BSERV-10684

http://www.securityfocus.com/bid/103488

https://confluence.atlassian.com/x/3WNsO

Published: 2018-03-22T13:00:00Z

Last Modified: 2024-09-16T18:49:04.214Z

Copied to clipboard!