BSERV-12753

Privilege Escalation Vulnerability in Atlassian Bitbucket on Windows - CVE-2020-36233


    Details

    • Symptom Severity:
      Severity 1 - Critical
    • CVSS Score:
      7.8

      Description

      Issue Summary

      Atlassian Bitbucket on Windows fails to set proper ACLs on its installation directory. Because Bitbucket installs high-privileged services, this opens multiple paths to privilege escalation.

      Affected Versions

      The following versions are affected, on Windows only:

      • All versions < 6.10.9
      • 7.x < 7.6.4
      • 7.7.x
      • 7.8.x
      • 7.9.x
      • 7.10.0

      Fixed Versions

      • 6.10.9 (Long Term Support release)
      • 7.6.4 (Long Term Support release)
      • 7.10.1

       


              People

              Assignee:
              Unassigned
              Reporter:
              ckochovski@atlassian.com Christopher Kochovski