CVE-2018-5225

CWE-59 | 3 documents | 3 sources
Severity: 9.9 CRITICAL
EPSS: 2.7% (top 14.13%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 22
Latest update: May 14

Description

In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.1 | Impact: 6.0

Affected Packages (2 packages)

CVEListV5 | atlassian/bitbucket_server | 4.13.0 | unspecified | +9
NVD | atlassian/bitbucket | 4.13.0 | 5.4.8 | +4

🔴 Vulnerability Details (2)

GHSA | GHSA-m5mm-7f4v-27v9: In browser editing in Atlassian Bitbucket Server from version 4 | 2022-05-14
CVEList | CVE-2018-5225: In browser editing in Atlassian Bitbucket Server from version 4 | 2018-03-22