Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 7.17.16, 7.21.11, 8.5.4, 8.6.4, 8.7.3, 8.9.1, 8.10.0
Affects Version/s: 7.17.0, 7.21.0, 8.9.0
Component/s: Security - Other
Labels:
- dob-pr
- security

Support reference count:
1
Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Issue Summary

Bitbucket Server/DC includes the following two libraries, which may be vulnerable to CVE-2023-20860:

<INSTALL_PATH>/app/WEB-INF/lib/spring-core-5.3.23.jar
<INSTALL_PATH>/opensearch/plugins/opensearch-sql/spring-core-5.3.22.jar

Bitbucket isn't known to be vulnerable, but the vulnerability may still be reported by scanners, so it is necessary to update the library since Bitbucket uses a version that's reported to be vulnerable.

Workaround

Currently there is no known workaround for this behavior. A workaround will be added here when available

Attachments

Issue Links

causes: PS-130731 Loading...

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(19 mentioned in)

Activity

People

Assignee:: Unassigned

Reporter:: Marek Suchecki

Votes:: 1 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 17/May/2023 6:46 AM

Updated:: 03/Apr/2024 3:16 PM

Resolved:: 18/May/2023 6:10 AM