[BSERV-12753] Privilege Escalation Vulnerability in Atlassian Bitbucket on Windows - CVE-2020-36233 - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Public Security Vulnerability
Status: Published (View Workflow)
Priority: Low
Resolution: Fixed
Affects Version/s: 6.10.0, 7.8.0
Fix Version/s: 7.6.4, 7.10.1, 6.10.9
Component/s: Security - Other
Labels:

Symptom Severity:
Severity 1 - Critical
CVSS Score:
7.8

Description

Issue Summary

Atlassian Bitbucket on Windows fails to properly set ACLs on its installation directory. Because Bitbucket installs High-privileged services, this allows for multiple privilege escalation vulnerability possibilities.

Affected Versions

The following versions are only affected on Windows:

All versions < 6.10.9
7.x < 7.6.4
7.7.x
7.8.x
7.9.x
7.10.0

Fixed Versions

6.10.9 (Long Term Support release)
7.6.4 (Long Term Support release)
7.10.1

Attachments

Issue Links

relates to: VULN-229700 Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Christopher Kochovski

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 16/Feb/2021 12:44 AM

Updated:: 16/Feb/2021 8:01 PM

Resolved:: 16/Feb/2021 12:44 AM

Backbone Issue Sync

BbS JAC Mirror <> Bitbucket Server

Synced with:

BBSJAC-628

Issue sync status:

UP TO DATE

Last received:

16/Feb/21 12:45 AM

Last sent:

16/Feb/21 8:01 PM