Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 7.6.19, 7.17.12, 7.21.6, 8.0.5
Affects Version/s: 7.6.18, 7.17.11, 7.21.5
Component/s: BBS DoS
Labels:
- dob-pr

Support reference count:
3
Symptom Severity:
Severity 2 - Major
UIS:
30
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Issue Summary

Bitbucket 8.1 updated Tomcat to 9.0.62 back in April and today CVE-2021-43980 has been published. It isn't obvious if Bitbucket is vulnerable, but we should backport the change to a 7.x LTS if possible to ease customer concerns.

This is reproducible on Data Center: yes

Steps to Reproduce

Refer to the CVE

Expected Results

Bitbucket DC should include non-vulnerable version of Apache Tomcat.

Actual Results

Bitbucket DC includes a potentially vulnerable version of Apache Tomcat.

Workaround

Currently there is no known workaround for this behaviour. A workaround will be added here when available.

Attachments

Issue Links

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(14 mentioned in)

Activity

People

Assignee:: Milly Wilson

Reporter:: Marek Suchecki

Votes:: 1 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 29/Sep/2022 8:11 AM

Updated:: 01/Mar/2023 2:58 PM

Resolved:: 27/Oct/2022 3:53 AM