Atlassian Bitbucket Server Remote Code Execution Vulnerability (CVE-2018-5225)
Release date:
Updated on:
Affected Systems:
Atlassian Bitbucket Server 5.8.0 < 5.8.2
Atlassian Bitbucket Server 5.7.0 < 5.7.3
Atlassian Bitbucket Server 5.6.0 < 5.6.5
Atlassian Bitbucket Server 5.5.0 < 5.5.8
Atlassian Bitbucket Server 4.13.0 < 5.4.8
Description:
Bugtraq id: 103488
CVE (CAN) ID: CVE-2018-5225
Bitbucket Server is a Git solution for professional development teams who want to manage their own instances.
The in-browser editing feature of Bitbucket Server has a security vulnerability that allows authenticated users to execute arbitrary code remotely through symbolic links in a repository.
<* Source: vendor *>
Suggestion:
Vendor patch:
Atlassian
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.atlassian.com/
https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2018-03-21-946627549.html
https://jira.atlassian.com/browse/BSERV-10684
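
To check an inventory of Bitbucket Server instances against the Affected Systems list above, the following is an added example, not code from Atlassian or from this advisory. It assumes each "A < B" line means A <= version < B; the function names and the sample hostnames are hypothetical.

```python
import re

# Ranges copied from the "Affected Systems" list in this advisory.
# Assumption: "A < B" on the page means A <= version < B.
AFFECTED_RANGES = [
    ("5.8.0", "5.8.2"),
    ("5.7.0", "5.7.3"),
    ("5.6.0", "5.6.5"),
    ("5.5.0", "5.5.8"),
    ("4.13.0", "5.4.8"),
]

def parse_version(text):
    """Turn '5.4.7' into (5, 4, 7); a two-part form like '5.8' becomes (5, 8, 0)."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p or 0) for p in m.groups())

def check_version(text):
    """Return (affected, upper_bound) for one Bitbucket Server version string."""
    v = parse_version(text)
    for low, high in AFFECTED_RANGES:
        # Tuple comparison is numeric per component, so 4.13.0 > 4.9.0.
        if parse_version(low) <= v < parse_version(high):
            return True, high
    return False, None

def audit(inventory):
    """Map hostname -> finding for every affected or unparseable entry."""
    findings = {}
    for host, version in inventory.items():
        try:
            affected, bound = check_version(version)
        except ValueError:
            findings[host] = "unknown version, check manually"
            continue
        if affected:
            findings[host] = f"affected, first unaffected release in range: {bound}"
    return findings

if __name__ == "__main__":
    # Constructed inventory for illustration; hostnames are hypothetical.
    sample = {"git-a.example": "5.8.1", "git-b.example": "5.8.2",
              "git-c.example": "4.14.3", "git-d.example": "n/a"}
    for host, note in audit(sample).items():
        print(host, "->", note)
```
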