Unrated severityNVD Advisory· Published Mar 22, 2018· Updated Sep 16, 2024

CVE-2018-5225

Description

In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.

Affected products

Atlassian/Bitbucket Servercpe-rescue
Range: 4.13.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/103488mitrevdb-entryx_refsource_BID
confluence.atlassian.com/x/3WNsOmitrex_refsource_CONFIRM
jira.atlassian.com/browse/BSERV-10684mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000