[BSERV-10684] Remote Code Execution via in Browser Editing - CVE-2018-5225 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 5.9.0, 5.5.8, 5.6.5, 5.7.3, 5.8.2, 5.4.8
Affects Version/s: 4.13.0, 5.5.0, 5.6.0, 5.7.0, 5.8.0, 5.4.7
Component/s: None
Labels:

Symptom Severity:
Severity 1 - Critical
Bug Fix Policy:
View Atlassian Server bug fix policy

An authenticated user of Bitbucket Server could gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.

Affected versions:

All versions of Bitbucket Server before 5.4.8 (the fixed version for 4.13.0 through to 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x) are affected by this vulnerability. Bitbucket Server 5.9.0 is not impacted by this vulnerability

Fix:

Bitbucket Server version 5.9.0 is available to download from https://www.atlassian.com/software/bitbucket/download.
Bitbucket Server version 5.8.2 is available to download from https://www.atlassian.com/software/bitbucket/download-archives.
Bitbucket Server version 5.7.3 is available to download from https://www.atlassian.com/software/bitbucket/download-archives.
Bitbucket Server version 5.6.5 is available to download from https://www.atlassian.com/software/bitbucket/download-archives.
Bitbucket Server version 5.5.8 is available to download from https://www.atlassian.com/software/bitbucket/download-archives.
Bitbucket Server version 5.4.8 is available to download from https://www.atlassian.com/software/bitbucket/download-archives.

For additional details see the full advisory.

mentioned in: Page Failed to load; Page Failed to load; Page Failed to load; Page Failed to load

relates to: SECENG-1329 Failed to load

Form Name

Matt Hart (Inactive) added a comment - 13/Mar/2018 8:28 AM - edited

CVSS v3 score: 9.9 => Critical severity

Exploitability Metrics

Attack Vector	Network
Attack Complexity	Low
Privileges Required	Low
User Interaction	None

Scope Metric

Scope	Changed

Impact Metrics

Confidentiality	High
Integrity	High
Availability	High

https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Matt Hart (Inactive) added a comment - 13/Mar/2018 8:28 AM - edited CVSS v3 score: 9.9 => Critical severity Exploitability Metrics Attack Vector Network Attack Complexity Low Privileges Required Low User Interaction None Scope Metric Scope Changed Impact Metrics Confidentiality High Integrity High Availability High https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Assignee:: Unassigned

Reporter:: Matt Hart (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 7 Start watching this issue

Created:: 13/Mar/2018 8:23 AM

Updated:: 19/Dec/2019 11:58 PM

Resolved:: 13/Mar/2018 8:30 AM

Details

Description

Attachments

Issue Links

Forms

Activity

[BSERV-10684] Remote Code Execution via in Browser Editing - CVE-2018-5225

Collapse comment: Matt Hart (Inactive) added a comment - 13/Mar/2018 8:28 AM, Edited by Matt Hart - 13/Mar/2018 8:28 AM

Expand comment: Matt Hart (Inactive) added a comment - 13/Mar/2018 8:28 AM, Edited by Matt Hart - 13/Mar/2018 8:28 AM

People

Dates

Backbone Issue Sync