Uploaded image for project: 'Bitbucket Data Center'
  1. Bitbucket Data Center
  2. BSERV-12103

https://jira.atlassian.com/browse/JRASERVER-70409 for Bitbucket Server

XMLWordPrintable

      The version of the Application Links plugin used in Bitbucket Server and Bitbucket Data Center before version 5.16.6, from version 6.0.0 before version 6.0.6, from version 6.1.0 before version 6.1.5, from version 6.2.0 before version 6.2.2, and from version 6.3.0 before version 6.3.1 allows remote attackers to obtain information about configured application links via a missing permissions check. See https://ecosystem.atlassian.net/browse/APL-1386 for more details.

          Form Name

            [BSERV-12103] https://jira.atlassian.com/browse/JRASERVER-70409 for Bitbucket Server

            Security Metrics Bot added a comment -

            CVSS v3 score: 5.8 => Medium severity

            Exploitability Metrics

            Attack Vector Network
            Attack Complexity Low
            Privileges Required None
            User Interaction None

            Scope Metric

            Scope Changed

            Impact Metrics

            Confidentiality Low
            Integrity None
            Availability None

            https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

            Security Metrics Bot added a comment - CVSS v3 score: 5.8 => Medium severity Exploitability Metrics Attack Vector Network Attack Complexity Low Privileges Required None User Interaction None Scope Metric Scope Changed Impact Metrics Confidentiality Low Integrity None Availability None https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Affected customers:
              0 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: