Bitbucket Data Center / BSERV-12753

Privilege Escalation Vulnerability in Atlassian Bitbucket on Windows - CVE-2020-36233


Details

    • Severity 1 - Critical
    • 7.8
    • CVE-2020-36233
    • PrivEsc (Privilege Escalation)

    Description

      Issue Summary

      Atlassian Bitbucket on Windows fails to properly set ACLs on its installation directory. Because Bitbucket installs high-privileged services, this allows for multiple possible privilege escalation vulnerabilities.
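
One way to check an installation for the ACL weakness described above is the following PowerShell audit. It is an added example, not Atlassian's code. The install path is a placeholder, and the list of low-privileged groups and the function name `Get-WeakAce` are assumptions made for the example.

```powershell
param(
    # Placeholder path (assumption): point this at your Bitbucket installation directory.
    [string]$InstallDir = 'C:\Path\To\Bitbucket'
)

# Well-known SIDs of broad, low-privileged groups (assumed list, extend as needed).
$lowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Primitive rights that let a principal plant, replace or re-permission files.
# Composite rights such as Modify and FullControl contain these bits.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Raw GENERIC_ALL / GENERIC_WRITE bits, which can appear on inherit-only ACEs.
$genericBits = 0x10000000 -bor 0x40000000

function Get-WeakAce {
    param([string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { continue }   # unreadable ACL: skip rather than abort the audit
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            $sid      = $ace.IdentityReference.Value
            $rights   = [int]$ace.FileSystemRights
            $writable = ($rights -band $writeBits) -or ($rights -band $genericBits)
            if ($ace.AccessControlType -eq 'Allow' -and $lowPriv.ContainsKey($sid) -and $writable) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Principal = $lowPriv[$sid]
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

Get-WeakAce -Path $InstallDir | Sort-Object Path | Format-Table -AutoSize
```

Any row in the output is a file or directory under the installation path that a non-administrative group can modify; an empty result means no such entry was found for the listed groups.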

      Affected Versions

      The following versions are affected, on Windows only:

      • All versions < 6.10.9
      • 7.x < 7.6.4
      • 7.7.x
      • 7.8.x
      • 7.9.x
      • 7.10.0

      Fixed Versions

      • 6.10.9 (Long Term Support release)
      • 7.6.4 (Long Term Support release)
      • 7.10.1

       

            People

              Unassigned
              Christopher Kochovski (ckochovski@atlassian.com)