CVE-2018-25332
EUVD-2018-2185317.05.2026, 13:16
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR plugin via the git-lfs endpoint, and execute system commands through an exposed exploit endpoint.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| gitbucket | gitbucket | 𝑥 < 4.24.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration