Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 7.6.19, 7.17.12, 7.21.6, 8.0.5
Affects Version/s: 7.6.18, 7.17.11, 7.21.5
Component/s: BBS DoS
Labels:
- dob-pr

Support reference count:
3
Symptom Severity:
Severity 2 - Major
UIS:
30

Issue Summary

Bitbucket 8.1 updated Tomcat to 9.0.62 back in April and today CVE-2021-43980 has been published. It isn't obvious if Bitbucket is vulnerable, but we should backport the change to a 7.x LTS if possible to ease customer concerns.

This is reproducible on Data Center: yes

Steps to Reproduce

Refer to the CVE

Expected Results

Bitbucket DC should include non-vulnerable version of Apache Tomcat.

Actual Results

Bitbucket DC includes a potentially vulnerable version of Apache Tomcat.

Workaround

Currently there is no known workaround for this behaviour. A workaround will be added here when available.

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(14 mentioned in)

Assignee:: Milly Wilson
Reporter:: Marek Suchecki (Inactive)
Votes:: 1 Vote for this issue
Watchers:: 8 Start watching this issue

Created:: 29/Sep/2022 8:11 AM
Updated:: 01/Mar/2023 2:58 PM
Resolved:: 27/Oct/2022 3:53 AM

Details

Description

Issue Summary

Steps to Reproduce

Expected Results

Actual Results

Workaround

Attachments

Issue Links

Activity

People

Dates