Vulnerability Description
In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Bitbucket | >= 4.13.0, < 5.4.8 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103488Third Party AdvisoryVDB Entry
- https://confluence.atlassian.com/x/3WNsOVendor Advisory
- https://jira.atlassian.com/browse/BSERV-10684Vendor Advisory
- http://www.securityfocus.com/bid/103488Third Party AdvisoryVDB Entry
- https://confluence.atlassian.com/x/3WNsOVendor Advisory
- https://jira.atlassian.com/browse/BSERV-10684Vendor Advisory
FAQ
What is CVE-2018-5225?
CVE-2018-5225 is a vulnerability with a CVSS score of 9.9 (CRITICAL). In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (th...
How severe is CVE-2018-5225?
CVE-2018-5225 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-5225?
Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Bitbucket.