← back
CVE-2018-5225

CVE-2018-5225

EPSS 3.6%
In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.
Affected products
Atlassian · Bitbucket Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://confluence.atlassian.com/x/3WNsOhttps://jira.atlassian.com/browse/BSERV-10684http://www.securityfocus.com/bid/103488