CVE-2018-5225

CVE Database · CVE-2018-5225

CVE-2018-5225

· N/AModified

CVSS v3.1

N/A

EPSS

3.62%

Published

Mar 22, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.

Weaknesses (CWE)

CWE-59

Affected Products (5)

atlassian · bitbucket (up to 5.4.8)vulnerable

atlassian · bitbucket (up to 5.5.8)vulnerable

atlassian · bitbucket (up to 5.6.5)vulnerable

atlassian · bitbucket (up to 5.7.3)vulnerable

atlassian · bitbucket (up to 5.8.2)vulnerable

References (6)

http://www.securityfocus.com/bid/103488

Third Party AdvisoryVDB Entry

https://confluence.atlassian.com/x/3WNsO