Details
Low Description
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to gain code execution on the system. This vulnerability was introduced in Bitbucket Server and Data Center version 7.0.
Affected versions:
- 7.0.0 ≤ version < 7.6.19
- 7.7.0 ≤ version < 7.17.12
- 7.18.0 ≤ version < 7.21.6
- 7.22.0 ≤ version < 8.0.5
- 8.1.0 ≤ version < 8.1.5
- 8.2.0 ≤ version < 8.2.4
- 8.3.0 ≤ version < 8.3.3
- 8.4.0 ≤ version < 8.4.2
Fixed versions:
- 7.6.19 or newer
- 7.17.12 or newer
- 7.21.6 or newer
- 8.0.5 or newer
- 8.1.5 or newer
- 8.2.4 or newer
- 8.3.3 or newer
- 8.4.2 or newer
- 8.5.0 or newer
For full descriptions of the above versions of Bitbucket Server and Data Center, see the release notes. You can download the latest version of Bitbucket from the download center. For Frequently Asked Questions (FAQ) click here.
For additional details, see the full advisory: https://confluence.atlassian.com/x/Y4hXRg
Attachments
Issue Links
- mentioned in
-
Page Loading...
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-