CVE-2018-5225

22.03.2018, 13:29

In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.

Link Following

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.9 CRITICAL	NETWORK	LOW	LOW	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
atlassian	bitbucket	4.13.0 ≤ 𝑥 < 5.4.8
atlassian	bitbucket	5.5.0 < 𝑥 < 5.5.8
atlassian	bitbucket	5.6.0 ≤ 𝑥 < 5.6.5
atlassian	bitbucket	5.7.0 ≤ 𝑥 < 5.7.3
atlassian	bitbucket	5.8.0 ≤ 𝑥 < 5.8.2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

http://www.securityfocus.com/bid/103488

https://confluence.atlassian.com/x/3WNsO

https://jira.atlassian.com/browse/BSERV-10684

http://www.securityfocus.com/bid/103488

https://confluence.atlassian.com/x/3WNsO

https://jira.atlassian.com/browse/BSERV-10684