Bitbucket Data Center / BSERV-12753

Privilege Escalation Vulnerability in Atlassian Bitbucket on Windows - CVE-2020-36233


    • Severity 1 - Critical
    • 7.8
    • CVE-2020-36233
    • PrivEsc (Privilege Escalation)

      Issue Summary

      Atlassian Bitbucket on Windows fails to properly set ACLs on its installation directory. Because Bitbucket installs high-privileged services, this opens up multiple possibilities for privilege escalation.
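
      To check an installation for the condition described above, look for write-capable ACEs held by broad, low-privileged groups. The PowerShell below is an added example, not Atlassian's code; the `$Path` parameter, the list of groups and the `Get-WeakAce` helper name are assumptions, since the page names neither the directory nor the specific ACL at fault.

```powershell
# Added example, not Atlassian tooling. $Path is a placeholder: the page
# does not state the installation directory, so pass your own.
param(
    [Parameter(Mandatory)] [string] $Path
)

# Well-known SIDs of broad, low-privileged groups (locale-independent).
$lowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that allow planting or replacing files, or rewriting the ACL itself.
$writeMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only ACEs often carry raw generic bits instead of named rights:
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000).
$genericMask = 0x50000000

function Get-WeakAce {
    param([string] $Item)
    try   { $acl = Get-Acl -LiteralPath $Item -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $Item"; return }

    # Ask for SIDs directly so no name translation (which can fail) is needed.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if (-not $lowPriv.ContainsKey($sid)) { continue }
        $raw = [int] $ace.FileSystemRights
        if (($raw -band [int] $writeMask) -or ($raw -band $genericMask)) {
            [pscustomobject]@{
                Path      = $Item
                Principal = $lowPriv[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Audit the root and everything beneath it; hidden and system items included.
$children = Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
            Select-Object -ExpandProperty FullName
@($Path) + @($children) | ForEach-Object { Get-WeakAce $_ } | Format-Table -AutoSize
```

      Run it from an elevated prompt so that every ACL in the tree can be read; any row in the output is a location where a member of the listed group can create, replace or re-permission files.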

      Affected Versions

      The following versions are affected, on Windows only:

      • All versions < 6.10.9
      • 7.x < 7.6.4
      • 7.7.x
      • 7.8.x
      • 7.9.x
      • 7.10.0

      Fixed Versions

      • 6.10.9 (Long Term Support release)
      • 7.6.4 (Long Term Support release)
      • 7.10.1

       

            Unassigned Unassigned
            ckochovski@atlassian.com Christopher Kochovski