cbcvebase.
CVE-2018-5225
published 2018-03-22

CVE-2018-5225: In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed…

critical9.9CVSS 3.0
AVNACLPRLUINSCCHIHAH
In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.

Affected

15 ranges
VendorProductVersion rangeFixed in
atlassianbitbucket< 5.5.85.5.8
atlassianbitbucket>= 4.13.0 < 5.4.85.4.8
atlassianbitbucket>= 5.6.0 < 5.6.55.6.5
atlassianbitbucket>= 5.7.0 < 5.7.35.7.3
atlassianbitbucket>= 5.8.0 < 5.8.25.8.2
atlassianbitbucket_server>= 4.13.0 < unspecifiedunspecified
atlassianbitbucket_server>= 5.5.0 < unspecifiedunspecified
atlassianbitbucket_server>= 5.6.0 < unspecifiedunspecified
atlassianbitbucket_server>= 5.7.0 < unspecifiedunspecified
atlassianbitbucket_server>= 5.8.0 < unspecifiedunspecified
atlassianbitbucket_server>= unspecified < 5.4.85.4.8
atlassianbitbucket_server>= unspecified < 5.5.85.5.8
atlassianbitbucket_server>= unspecified < 5.6.55.6.5
atlassianbitbucket_server>= unspecified < 5.7.35.7.3
atlassianbitbucket_server>= unspecified < 5.8.25.8.2